Vacancy expired!
- Develop automation playbooks using modern SOAR Platforms (for example, ServiceNow SOAR, Phantom, Swimlane) to support Security Operations
- Design and develop integration solutions to other security appliances such as Exabeam, Chronicle, CrowdStrike, and Splunk ES by leveraging the SOAR platform
- Test, customize and master APIs for off-the-shelf and common security and IT tools
- Manage any in scope solution projects (integration/ implementations)
- Manage communications with vendors, 3rd party service providers, Deloitte leadership, and client personnel when required
- Analyze complex issues to determine client impact and to suggest alternative solutions based on client needs and objectives
- Contribute to team and organizational improvements in process and infrastructure
- Design, implement, and maintain efficient and reusable Python code
- Review, debug, and resolve technical issues throughout all stages of SDLC
- Integrate SOAR platform with other security tools and APIs to execute automated workflows
- Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
- Measure effectiveness of process improvement and automation efforts via metrics and KPIs
- Expert in creating, modifying, and tuning IDS signatures, SIEM correlation searches, YARA rules, and/or other detection signatures
- Familiarity with disk-based forensic methodologies and Windows and Linux forensic artifacts
- Experience with Endpoint Detection and Response (EDR) tools such as Carbon Black, Tanium, CrowdStrike, etc.
- Able to create, modify, update, and maintain Python and PowerShell scripts that enhance endpoint detection capabilities
- In-depth knowledge of attacker tactics, techniques, and procedures
- Bachelor of Science with a concentration in computer science, information systems, information security, or engineering disciplines or equivalent work experience
- Minimum 3 years of experience with Splunk operations and maintenance including 2 or more years of Splunk Phantom Engineering
- Understanding of the full software development life cycle: analysis, design, coding, testing and promotion into production
- Understanding of how modern software architectures work (client-server, web technology, microservices)
- Understanding of basic SOAR (Security Orchestration, Automation and Response) technologies
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Basic knowledge of cloud infrastructure and operations, system security architecture, and security solutions
- Strong programming experience solving technical challenges
- Database technologies proficiency: SQL, NoSQL, or PostgreSQL
- Understanding of multi-process architecture
- Professional experience with code repositories and version control (GitHub preferred)
- Working knowledge of SOAP/REST APIs, JSON, HTML/CSS, JavaScript, XML
- Experience as a SOC Analyst and/or Incident Responder
- Authored SOC SOPs, playbooks, work instructions and/or other process documents
- Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
- Self-starter with the ability to independently prioritize and complete multiple tasks with little to no supervision
- Knowledge of Cloud Services such as AWS, Azure, Office365
- Ability to script in one or more of the following languages: Python, Bash, Visual Basic or PowerShell
- Knowledge of security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- Knowledge of Advanced Persistent Threats (APT) tactics, techniques and procedures
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
- 5+ years working in security information and/or technology engineering support experience
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, Continuous Monitoring (GMON), Certified Incident Handler (GCIH), Certified Ethical Hacker (CEH) or equivalent
- Experience with security operations technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, Advanced Persistent Threats (APT)
- Strong understanding of threat analysis and enterprise-level mitigation strategies and frameworks such as MITRE
- Working knowledge of cyber threats, defenses, motivations, and techniques
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Self-motivated to improve knowledge and skills
- A strong desire to understand the root cause of security incidents along with identification of threat vectors
- Experience with Apache NiFi and secure NiFi Registry
- Knowledge of web application frameworks such as Flask and Django for dashboard/widget development
- ID: #43704468
- State: California (Costa Mesa 92626, USA)
- City: Costa Mesa
- Salary: USD TBD
- Job type: Permanent
- Showed: 2022-06-30
- Deadline: 2022-08-28
- Category: Et cetera