Job Number: R0069118
Security Automation Engineer, Senior
Assist with developing security automation capabilities to decrease response times, increase effectiveness, eliminate waste, and streamline security operations. Review procedures relating to cyber threat intelligence, monitoring, incident response, and attack surface reduction, and design automated actions to accelerate the triage, validation, eradication, and remediation of security incidents. Leverage expertise in leading security operations tools and industry-standard scripting languages to effectively write playbooks in security orchestration, automation, and response (SOAR) platforms, including Phantom or Demisto. Create, maintain, and manage a library of automated playbooks for common information security threats and customize these plans for client-specific environments. Work under general to little supervision. Assist with training junior software engineering staff.
- 2+ years of experience with security technologies, including SIEM, firewalls, IDS, and IPS, or EDR
- 2+ years of experience with supporting security automation in enterprise Cloud environments
- Experience with leveraging SOAR platforms for playbook development
- Experience with Phantom or Demisto
- Ability to obtain a security clearance
- BA or BS degree required
- Experience with one or more of the following network security and system management tools: Splunk, ELK, Carbon Black, Check Point, Nitro, ArcSight, Swimlane, Snort, Bro, or Cisco FirePower
- Experience with system integration using a variety of protocols, including XML, REST, and JSON
- Experience in API development with RESTful Web services
- Experience with leveraging JSON, YAML, and XML for configuration
- Experience with working in an Agile environment to develop new playbooks and automate manual security operations procedures
- Experience with operating in Cloud environments, including AWS, Azure, or GCP
- Experience with security tools, including Nmap, Metasploit Pro, Kali Linux, Burp Suite Pro, Tenable Security Center, or Nessus, a plus
- Knowledge of Security Operations Centers (SOCs) and Incident Response processes and procedures
- Knowledge of general concepts around risk and threat management and associated frameworks and standards, including NIST, OWASP, and ISO
- Possession of excellent oral and written communications skills
- Possession of excellent analytical and critical thinking skills
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.