ID: #17443013
Job type: Permanent
Salary: TBD
Source: COX Enterprises
Date: 2021-07-28
Deadline: 2021-09-26
Security Orchestration, Automation and Response (SOAR) Engineer
Atlanta, Georgia 30301, USA (Permanent)
Vacancy expired!
- Develop and implement SOC and IR systems integrations through automation and orchestration including API, PowerShell, and Python.
- Document SOAR workflows, scripts, and code and use established code repository for tracking.
- Collaborate with the detection engineering and threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features.
- Partner with the detection engineering and threat detection and response teams on detection and response processes and playbooks.
- Develop security focused content for SIEM, including creation of complex threat detection logic and operational dashboards.
- Prioritize and coordinate backlog of SOAR integration and automation requests, ensuring a healthy balance between defect resolution and new features.
- Troubleshoot SIEM data collection, notification tuning and alerting.
- Four or more years of technical experience in the Information Security field with direct experience with SOAR or other automation solutions.
- Minimum 2 years of hands on SOC / IR experience.
- Experience with SOAR or other automation solutions (e.g., IT automation, SIEM, case management).
- Strong experience triaging security events using a variety of tools including SIEM / SOAR / XDR in a security operations environment.
- Scripting and development skills (e.g., Bash, Perl, Python, or Java), with strong knowledge of regular expressions.
- RESTful API experience
- Proficiency with common cybersecurity frameworks such as MITRE ATT&CK, Kill Chain, OWASP.
- Strong process execution, time management and organizational skills.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Experience with log management/SIEM tools (e.g., ArcSight, IBM QRadar, Splunk, McAfee Nitro, ELK, LogRhythm, others).
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- BS in Computer Science, Information Systems, or Engineering.
- Experience with QRadar/JSA.
- Experience with Cortex XSOAR/Demisto.
- Experience with endpoint security agents like Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets (Moloch, Wireshark, tcpdump) and analysis techniques.
- Experience with host-based detection and prevention suites like Microsoft Defender or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF).
- SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN are preferred, but not required.