Security Automation and Orchestration Engineer, Mid

Key Role:

Work with experts from Booz Allen’s engineering team to solve a client’s most complex security automation and orchestration challenges using tools including Splunk Phantom, ServiceNow SecOps, and other security operations tools as a security orchestration, automation, and response (SOAR) engineer. Review procedures relating to cyber threat intelligence, monitoring, incident response, and attack surface reduction, and design automated actions to accelerate the triage, validation, eradication, and remediation of security incidents. Leverage expertise in leading security operations tools and industry-standard scripting languages to write effective playbooks in Phantom. Create, maintain, and manage a library of automated playbooks for common information security threats and customize these plans for client-specific environments.

Basic Qualifications:
-Experience with consulting, client environments, and IT security tools

-Experience with Splunk Phantom and ServiceNow SecOps, including writing Splunk Phantom playbooks, troubleshooting, training, or supporting technical requests

-Experience with object-oriented languages including Python, JS, or Go

-Experience with Cybersecurity tools including FireEye, PhishMe, Symantec DLP, ForeScout, Symantec, Check Point, McAfee, Carbon Black, CrowdStrike or Splunk

-Knowledge of security operations centers (SOCs) and incident response processes and procedures

-Knowledge of software development and agile methodologies

-Knowledge of general concepts around risk and threat management and associated frameworks and standards, including NIST, OWASP, and ISO

-HS diploma or GED

Additional Qualifications:

-5+ years of experience with security engineering in the information security field

-Experience working with SIEM log aggregation, Elastic tools, including Kibana, Search, and Logstash, open source security software, and general data management concepts

-Experience as a SOC analyst or manager and authoring security runbooks, playbooks, procedures, and SOPs used in a SOC

-Ability to perform regular updates of existing playbooks, including continuous improvements based on changes to requirements as driven by the security operations teams or the toolset in use

-Ability to help manage an inventory of integrations that enable broader playbook creation, and to develop connectors with tools to enable end-to-end automation of security operations procedures

-Ability to participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
