AHEAD

AHEAD

AHEAD accelerates the impact of technology on clients by engineering customized data, developer, and infrastructure platforms that improve IT operations. By weaving together cloud infrastructure, intelligent operations, and modern applications, we help...

IT Services
1K-5K
$43M raised

Description

  • Design and deploy ExtraHop sensor architectures across physical, virtual, and cloud environments, including TAP, SPAN, and cloud traffic mirroring strategies.
  • Configure and size packetstores for retention, performance, and compliance needs in high-throughput environments.
  • Create custom detections and bundles tailored to client environments, threats, and false-positive patterns.
  • Develop custom dashboards in Reveal(x) that support SOC workflows and executive reporting.
  • Build and maintain REST API integrations between ExtraHop and SIEM, SOAR, ticketing, and CMDB platforms.
  • Conduct network visibility assessments to identify blind spots, decryption coverage gaps, and segmentation issues.
  • Collaborate with clients to optimize and fine-tune deployments and provide technical guidance.
  • Troubleshoot and resolve complex ExtraHop issues during and after implementation.
  • Contribute to solution design and as-built documentation.
  • Mentor junior consultants and support their technical development.

Requirements

  • 6+ years of hands-on experience with ExtraHop Reveal(x) or Reveal(x) 360 in production environments, or similar NDR solutions.
  • Experience deploying and administering ExtraHop Reveal(x) Enterprise or Reveal(x) 360.
  • Experience tuning ExtraHop sensors, recordstores, and packetstores, including sizing, retention configuration, and performance troubleshooting.
  • Strong understanding of wire data analysis, including L2-L7 protocol behavior such as TCP/IP, DNS, HTTP, and TLS/SSL decryption.
  • Experience building custom detections, bundles, and dashboards beyond default configurations.
  • Proficiency in JavaScript and Python scripting for automation, customization, and workflow optimization.
  • Working knowledge of at least one major SIEM such as Splunk, XSIAM, Crowdstrike, or equivalent, with experience integrating ExtraHop as a data source.
  • Experience with proactive threat hunting and incident investigations using MITRE ATT&CK, Cyber Kill Chain, NIST CSF, and CIS Critical Security Controls.
  • Experience with cloud traffic mirroring such as AWS VPC Traffic Mirroring, Azure vTAP, or GCP Packet Mirroring is a strong plus.
  • Solid understanding of network security, cloud environments, identity, Linux, Mac, and Windows.
  • Strong analytical and troubleshooting capabilities.
  • Effective communication skills with the ability to engage clients and team members.
  • ExtraHop certification (ECS or equivalent) preferred, or relevant certifications such as CISSP, CYSA, CEH, Security+, Pentest+, or OSCP are a plus.

Benefits

  • Compensation is offered as on-target earnings (OTE), including base salary plus applicable target bonus, with pay varying by experience, qualifications, and location.
  • Medical, dental, and vision insurance.
  • 401(k) retirement plan.
  • Paid company holidays.
  • Paid time off.
  • Paid parental and caregiver leave.
  • Access to a multi-million-dollar lab, cross-department training, and sponsored certifications and credentials for continued learning.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

RMF Process Lead (R-00177)

True Zero Technologies 11-50 Internet Software & Services

True Zero Technologies is hiring an RMF Process Lead to own and modernize federal Risk Management Framework workflows and support the transition to a new enterprise GRC or RMF platform.

1 day ago

Cyber Security Advisor

Centorrino Technologies 51-250 Internet Software & Services

Centorrino Technologies is hiring a Cyber Security Advisor in Australia to protect client digital environments, manage cyber risk and incidents, and support security governance and compliance.

Cybersecurity SIEM
1 day ago

Security Controls Assessor (SCA) - Senior

Avint 11-50 IT Services

Avint is hiring a Senior Security Controls Assessor to perform independent assessments of complex federal information systems and cloud environments, with the primary goal of validating security control effectiveness and supporting RMF compliance and risk decisions.

AWS Azure Cybersecurity GCP Penetration Testing
1 day ago

Chief Information Security Officer – Indonesia

Binance 5K-10K Capital Markets

Binance is seeking a Chief Information Security Officer to lead cybersecurity, operational resilience, and regulatory compliance for its Indonesia operations.

Cybersecurity Penetration Testing
1 day ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers