Job Number: R0072754
Security Automation Engineer, Mid
Develop security automation capabilities with the goal of decreasing response times, increasing effectiveness, eliminating waste, and streamlining security operations. Review procedures relating to cyber threat intelligence, monitoring, incident response, and attack surface reduction, and design automated actions to accelerate the triage, validation, eradication, and remediation of security incidents. Leverage expertise in leading security operations tools and industry-standard scripting languages to effectively write playbooks in security orchestration, automation and response (SOAR) platforms, including Phantom and Demisto. Create, maintain, and manage a library of automated playbooks for common information security threats and customize these plans for client-specific environments.
- 1+ years of experience with security technologies, including SIEM, firewalls, IDS/IPS, and EDR
- Experience with supporting security automation in enterprise Cloud environments
- Experience with SOAR platforms and performing tasks, including playbook development
- Ability to obtain a security clearance
- BA or BS degree required
- Experience with network security and system management tools, including Splunk, ELK, Carbon Black, Check Point, Nitro, ArcSight, Swimlane, Phantom, Snort, Bro, Cisco FirePower, or related security management tools
- Experience with system integration using a variety of protocols, including XML, REST, and JSON
- Experience in API development with RESTful web services
- Experience with leveraging JSON, YAML, and XML for configuration
- Experience in working within an Agile environment to develop new playbooks and automate manual security operations procedures
- Experience with operating within Cloud environments, including AWS, Azure or GCP
- Knowledge of security operations centers (SOCs) and incident response processes and procedures
- Knowledge of general concepts around risk and threat management and associated frameworks and standards, including NIST, OWASP, and ISO
- Possession of excellent oral and written communications skills
- Possession of excellent analytical and critical thinking skills
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.