Cortex XSoar Engineer/Support-Secret Clearance -Mid/Senior

Thanks for your consideration. Please apply for further information Term: 12+ Month ContractVertical Services$: Open on LevelLocation: On/Off Site-San AntonioRole : Xsoar/Soar EngineerSecret Clearance (or greater) would be ideal for this customer's need.

• Leading XSOAR technical implementation and automation operations for the CSIRT intrusions team.
• Creating documentation and implement XSOAR playbooks using Intelligence Driven Defense, and Defense in Depth methodologies.
• Communicating effectively in crisis situations within all levels of the organization.
• Supporting enterprise incident response efforts.
• Employing automation of advanced forensic tools and techniques for attack reconstruction and intelligence gathering.
• Proactively researching emerging cyber threats.
• Applying analytical understanding of attacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
• Collaborating using information and knowledge sharing networks and professional relationships to achieve common goals.
• Providing on-call support for incident response efforts outside of core hours, as required.
• Mentoring junior and senior colleagues technically and conceptually.
• Strategically leading groups of all sizes to manage long and short-term projects.
• Driving advanced countermeasures through to completion.
• Innovating and delivering new types of countermeasures.
• Increasing the outreach of the team internally and externally through shared intelligence and presentations.

• BS Degree and 12+ years relevant experience in cyber security or network defense, or 5+ years’ experience with relevant certifications (CISSP, SANS GIAC, CEH, etc.).
• Experience in cyber security engineering automation and orchestration platforms, specifically XSOAR (formerly known as Demisto).
• Experience debugging software and determining the root cause.
• Programming experience in Python.
• Experience and familiarity with IDS/IPS, SIEM, Splunk and endpoint solutions.
• Experience supporting and contributing to incident response activities
• Strong understanding of Operating Systems and Network Protocols.
• Proficiency with Microsoft Windows administrative tools, and the Unix/Linux command line.

• Understanding of behavioral based threat models, including ATT&CK, Cyber Kill Chain, Diamond Model, etc.
• Experience with Splunk or other SIEM-type platforms.
• Experience in conventional network/host-based intrusion analysis, digital forensics, or malware analysis.
• Capable and comfortable communicating actionable threat intelligence to both technical and executive-level stakeholders.
• Experience defending large cloud infrastructures, including AWS, Azure, etc.
• Experience developing solutions in the cloud, including AWS, Azure, etc.
• Experience using and integrating with various open-source intelligence (OSINT) sources.
• Ability to create, modify, and implement both Snort and YARA signatures.
• Published research papers at conferences or through other mediums (blogs, articles).
• Working knowledge of Computer Network Exploitation (CNE), Computer Network Attack (CNA) and Computer Network Defense (CND) tools and techniques.