Job description:
About the Job: Ø As a Senior Cyber Security Engineer - Security Automation, you will be a technical security subject matter expert for a variety of cybersecurity solutions centered on security automations. Ø responsible for the administration and maintenance of cyber security tools, security incident management, change execution, and support of cyber security technologies in a quickly changing security industry. Ø As the automation engineer, you will collaborate closely with Palo Alto support and be in charge of planning, monitoring, and implementing the upgrade and troubleshooting operations. Ø experience managing and administering security solutions such as SOAR, firewalls, Web security proxy, office 365 security, endpoint security, data security, cloud security, and more. Ø The individual will be crucial in delivering and maintaining security solutions, automating security assessments, and participating in security audits. Job Responsibilities Ø Provide integrations for SOC team as well as other Cybersecurity teams, with innovative technical solutions and runbooks Ø Create written documentation for solution deployments Ø Quickly build mitigation and automation responses, as it pertains to the latest SOC principles and capabilities Ø Be a security expert that recommends further enhancement of the security posture provided to the company, and deliver support when appropriate Ø Work with Palo Alto technical assistance team to troubleshoot and diagnose support cases Ø Maintain current threat landscape knowledge Ø Think like an attacker, think like a defender, think like an executive, think like a Network Engineer, think like an Endpoint Engineer Ø Ability to relay highly technical concepts to a non-technical audience Ø Ensure automation needs are met and deliverables produced on time according to specified project deliverables and scope Ø Advance and uphold expertise in deploying complex SOC deployments Ø Collaborate with enterprise partners and incident response teams regarding requirements and deployment of security services, tools, and appliances Ø Document system configurations, standards, and procedures Ø Lead Security Engineering infrastructure tasks (review changes, server hardening support) Ø Serve as SME during Security Architecture Review Board Ø Serve as security SME during change control meetings Ø Act as lead to MSSP engineers driving improvements to infrastructure and network tools Ø Engineering and administration of best-in-class cyber security technologies Ø Management and implementation of technologies and processes relating to assigned cyber security capability, including issue identification and resolution, integration with other tools, documentation, gap assessment, gap resolution, and continuous improvement of the capability Ø Keep up-to-date, make recommendations, and participate in the implementation and continuous improvement of technologies and services in assigned cybersecurity domains Ø Up to date on the cyber security threat landscape, understanding of threat management framework, managing and responding to the endpoint, cloud, and hybrid infrastructure threats Ø Support Incident Response on security incidents globally, including contributing to table-top security incident exercises Ø Advise project teams, application owners, infrastructure services, and other digital Information Technology teams on information security controls Ø Continually improve team documentation, including solution run books, architecture, knowledge base articles, FAQs, Share Point Ø Perform security design consulting to support projects, including participation in security architecture reviews as necessary Ø Participate in audits covering information security services and technologies Ø Participate in proactive research and provide recommendations for continuous improvement of information security technologies, processes, and services Ø Develop, implement, and sustain operational scripts, data structures, libraries, and programming code that optimize security in emergent compute patterns with diverse applications throughout the global environment Ø Analyze, design, develop and operate programs, shell scripts, tests, and infrastructure automation capabilities in an advanced security context Basic Qualifications At least five years of work experience in IT and Information Security combined Ø 5-12 years of experience in either Python or C++ as a programming language and SOAR deployments Ø 3+ years of experience in Palo Alto XSOAR / Demisto Ø Exposure to multiple SIEMs use case development. Ø CISSP, CISA, GIAC, CCSP, AWS/Azure security specialization or equivalent security-related industry certifications and relevant industry certifications Preferred Qualifications Ø Experience using Microsoft Azure Cloud and O365 security services (ASC, MCAS, MDATP, Azure AD, Azure PIM, Azure Identity Protection, KeyVault, Manage Service Identity, Intune, Conditional Access Policy, Azure Front Door/WAF, Traffic Manager/App Gateway, M365 Security suite) Ø Advanced knowledge and use of PowerShell for scripting and Automation Ø Experience in Security and Compliance by Managing Data loss prevention and Data governance. Ø Expertise in configuring and deploying ATP, DLP, and Threat Protection Policies for SPAM, PHISH, and Malware Ø Experience with Microsoft Sentinel and Defender Ø Strong cyber security tool experience, including MS Sentinel, firewalls, IDS/IPS, DNS, EDR/XDR, DLP, and email security Ø Experience with some of the following or similar solutions is highly preferred: Microsoft Windows Information Protection, MCAS, Intune, AirWatch Ø Working knowledge of encryption concepts and implementation methods Ø Knowledge of remote access technologies and implementation of best practices Ø Working knowledge of authentication systems such as LDAP and MS Active Directory Ø Experience using AWS Cloud Security Services (Encryption, IAM, CloudWatch, CloudTrail, WAF, KMS, AWS Config, GuardDuty, Advisor, Inspector, etc.) Ø Working experience in distributed hybrid cloud architectures model with the ability to rationalize security controls across these deployments Ø Experience with regulated systems (NIST SP 800-53, CIS, ISO27001, PCI DSS, CSA) Ø Experience with legal proceedings or giving expert witness testimony Education Qualification: Bachelor’s degree or above in computer science, software engineering, or equivalent. Benefits: Ø We are committed to offering competitive benefits programs for all of our employees, and enhancing our programs when necessary. Ø Have peace of mind and body with our health insurance Ø Make yourself a priority with flexible schedules and leave Policy Ø Drive forward your career through professional development opportunities Achieve your personal goals with our Employee Assistance Program. Powered by Webbtree
