100% Remote role

Per client requirement: US Citizenship required

The Principal Security Operations Center (SOC) Automation Engineer will be a senior technical individual contributor position within the Client’s Operations & Security Services (OSS) Department.

• The Principal SOC Automation Engineer will provide the orchestration strategy, and playbook lifecycle management and lead the development of Security Orchestration, Automation, and Response (SOAR) playbooks that improve the efficiency and effectiveness of security operations provided by the Multi-State Information Sharing & Analysis Center (MS-ISAC) and Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC) to State, Local, Tribal, and Territorial (SLTT) organizations.
• The Client makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.
• They are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data.
• They lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

Responsibilities:

• Design, build, test, deploy, maintain, and document new SOAR playbooks to extend the existing security capabilities of the MS- and EI-ISAC.
• Develop creative new approaches to accelerate threat detection, responses, and proactive defenses.
• Orchestrate information between SOC, Cyber Threat Intelligence (CTI), and Cyber Incident Response Team (CIRT) analysts, improving the relevance and actionability of products
• Lead playbook development and deployment with multi-functional team members.
• Collaborate with and provide feedback to the analysts, engineers, and product managers as you operationalize innovative security automation and orchestration into security operations
• Communicate and document the efficiency and effectiveness of SOAR playbooks to management and stakeholders.
• Make recommendations to OSS executive leadership on capabilities, direction, investments, and divestments of technologies, products, and services
• Actively research emerging security practices and workflows and operationalize findings to better enhance our offerings
• Develop and manage the playbook development lifecycle, including change control process and quality assurance standards for automation and orchestration, to ensure changes are tested, rollback plans created, and that playbooks do not negatively impact integrated business systems or operations
• Assist internal support teams with troubleshooting highly technical issues that cannot be resolved by lower-tiered support levels
• Provide briefings and training to SLTT members, MS-ISAC and EI-ISAC executive committees, and internal stakeholders on cyber defensive technologies. This position will closely align with the sales, marketing, and communications teams to assist with pre- and post-sales support and provide input to develop materials for members
• Other tasks and responsibilities as assigned

Requirements:

• Bachelor’s degree in information technology, cybersecurity, or a related field*
• 8+ years’ experience in network and security operations.
• 3+ years’ experience in SOC analysis and threat hunting
• 5+ years’ experience in SOAR and information automation
• 2+ years’ experience building/integrating security operations processes in large environments
• Expert-level knowledge of Application Programming Interface (API) technologies and integrating security tools such as firewalls, intrusion detection and prevention systems, endpoint security tools, and other data sources into automated workflows
• Expert-level proficiency in Python development
• Significant experience with orchestrating processes, development of custom integrations, and designing advanced decision-making logic
• Significant experience with designing and implementing automation and orchestration best practices, including playbook lifecycle management and development of Key Performance Indicators (KPIs)
• Experience with cyber defense technologies, asset management technologies, Security Event and Incident Management (SIEM) platforms, Threat Intelligence Platforms (TIPs), information and enrichment services, and the MITRE ATT&CK framework
• Excellent client-facing and internal communication skills
• Solid organizational skills, including attention to detail and multi-tasking skills
• Candidate must be eligible to obtain National Security Clearance
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**
• Must be authorized to work in the United States

Desired Skills:

• Advanced degree in Computer Science, Business, or related field
• Strong presentation capabilities
• Experience with Cyware’s Orchestrate SaaS platform
• Relevant industry certifications such as CISSP, GCIH, GCIA, GMON
• Experience in vendor management and relationships
• Familiarity with Agile DevOps and project management

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

Posted On: Thursday, November 16, 2023