IT Security Specialist Job at General Dynamics Information Technology, Fort Bragg, NC

Job Description

Clearance Level: Top Secret/SCI
Category: Cyber Security
Location: Fort Bragg, North Carolina
Onsite Workplace
Requisition Type: Regular

Your Impact

Own your opportunity to work with the largest government agency in the nation. Make an impact by advancing the Department of Defense’s mission to keep our country safe and secure.

Job Description

The Cybersecurity Automation Engineer should be an experienced Security Threat Engineer and will use Splunk Phantom for the engineering and management of all Security Orchestration, Automation and Response (SOAR). The candidate must have strong technical skills and direct experience with integration and playbook development for the Splunk Phantom solution to support automation for security incident handling, incident response, intrusion analysis, threat hunting, digital forensic analysis, vulnerability scanning, Data Loss Prevention (DLP), and other cyber and information assurance automation functions.

Requirements

  • Security Clearance: TS/SCI
  • 8570 Certification: Minimum certification of IAT Level II (one of the following certs: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, SSCP); Level III preferred (CISSP, GCIH, GCFA, GCIA, GNFA, Linux+, CCNA R&S, Splunk Power User)
  • Experience with Splunk Phantom, Linux, and PowerShell a must

Critical Soft Skills

  • Must be able to multi-task and adapt to changing priorities in highly stressful situations
  • Highly resilient and motivated to investigate unfamiliar and anomalous problems in a robust OPTEMPO environment, including follow-through to complete resolution
  • Critical thinking skills required to apply and correlate data from multiple sources to automate and solve complex problems
  • Strong ability to quickly and clearly articulate operational impacts of cyber security incidents/events to leadership
  • Ability to communicate efficiently and precisely to target audience, as well as build strong rapport with other teams

Critical Technical Skills

  • Experience installing and configuring Phantom.
  • Experience with integrating security related use cases into Phantom.
  • Craft reusable, testable, and efficient Python-based Playbooks.
  • Configure and program to enable integration of Phantom with other systems per defined use cases and playbooks.
  • Extend the platform through the development of Security Apps.
  • Train and mentor security development teams on the use and capabilities of Phantom
  • Identify and use existing tools and the Phantom platform to enable automation and orchestration.
  • Work with the customer to identify security integration and implementation strategies.
  • Help the customer develop their expertise and knowledge of the Phantom product. This role also includes supporting the definition of requirements that enable creative integrations and playbooks.
  • Partner with security operations teams, threat intelligence groups and incident responders.
  • Codify workflows into automated playbooks using our visual editor or the integrated Python development environment.
  • Experience in integrating and using Phantom's flexible app model, hundreds of tools and thousands of unique APIs (REST and SOAP).
  • Experience in developing Python and PowerShell scripts and in using Linux commands.
  • Drive efficient communications across your team with integrated collaboration tools.
  • Experience in using Phantom event and case management to rapidly triage events in an automated, semi-automated, or manual fashion.
  • Expertise in Linux and PowerShell
  • Notify CND managers, CND incident responders, and other team members of suspected CND incidents and articulate the event's history, status, and potential impact for further action
  • Coordinate with higher authorities on events that involve actual or attempted intrusions, viruses, worms, hoaxes, etc. that occur on the enclaves
  • Implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations
  • Provide incident reports, summaries, and other situational awareness information to higher headquarters
  • Manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting
