Senior Security Orchestration and Automated Response (SOAR) Engineer
**Writes automation playbooks (mostly Python code) to automate tasks to reduce workload for cyber security operations personnel**
– Temp to perm
Skills Needed for this Role:
• Strong verbal and written communication skills with a customer-first disposition – They will regularly interface with customers and must be able to translate business requirements into technical requirements/process design and professionally commit those requirements to documentation
• Understand agile delivery models, version control, and how to develop in a team environment
• Strong in Python (and other scripting languages such as PowerShell, BASH, etc.) and have experience delivering solutions leveraging APIs for process automation.
• Experienced with integrations involving critical security infrastructure/platforms such as:
o IAM infrastructure (LDAP directories, Active Directory, privilege management systems)
o EDR solutions
o Vulnerability management solutions
o SIEM systems (especially Splunk Enterprise & Enterprise Security)
• Experience leveraging APIs for process automation
• Security background – Has worked in or very closely with security operations functions and is familiar with some (or all) of the following frameworks: ISO 27001:2013, OWASP, MITRE ATT&CK, and NIST CSF
• A solid development methodology – Design process discipline, where they can lead development from ideation to delivery
Serves as a Security Orchestration and Automated Response (SOAR) engineer responsible for design, development and implementation of automations that accelerate functions within client (GIS). Collaborates with the Security Operations Center (SOC), Cyber Incident Response Team (CIRT) and other functions within GIS to identify inefficient and manual processes that would benefit from automation. Leads security automation playbook development from requirements collection through to implementation.
Education and Experience:
• Bachelor's degree in Computer Science or a related field, or equivalent experience/certification
• 2+ years of development experience in the following:
o Focused development using Security Orchestration and Automated Response (SOAR) platforms
o Scripting or programming using Python in a security operations capacity
• 5+ years of information technology experience, including some or all of the following:
o Experience working in or with security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.
o Technical infrastructure operations, administration, or engineering
o Application or software development
o Agile methodology
• Current information security certifications, such as: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
• Development experience on Splunk Phantom SOAR platform
• Splunk skills: search, report and dashboard creation
• Broad exposure to a wide range of IT security technologies
• Development project management
• Good written and verbal communication skills and problem-solving ability
• Familiar with security operations centers and incident response work
What You'll Be Doing
• Work in Splunk's Phantom SOAR platform to develop security automation playbooks.
• Meet with GIS teams to identify areas or functions that may benefit from automation.
• Catalogue and review any identified security automation use cases with stakeholders to facilitate prioritization with a focus on cyber security risk reduction through efficiency (i.e., time saved, improved response and remediation times).
• Lead automation use case/playbook design sessions with stakeholders to map requirements to pseudo-code in flow charts, noting integration requirements and all processes, decision points and outcomes for sign-off prior to development.
• Develop automation playbooks using either out-of-the-box (or custom) integrations and functions as outlined in the automation process design.
• Collaborate with Security Information and Event Management (SIEM) content developers as needed to support automation integrations and workflows for security personnel.
• Develop or update security automation metrics to highlight improvements in efficiency.
• Additional responsibilities:
o Occasionally participates in the evaluation and selection of security service products pertaining to security automation.
o Supports analysis of technology industry and market trends to determine their potential impact on security automation architecture.
o Supports life cycle management of the SOAR platform, integrations and related components.
o Consults with project, architecture and other engineering teams to identify when it is necessary to modify infrastructure and security services to accommodate automation project needs.
o Participates in architecture design and analysis work related to security automation.
o Supports, implements and promotes standard configuration and change management, processes and practices.