Security Automation and Orchestration Engineer

Key Role:

Work with experts from Booz Allen’s engineering team to solve a client’s most complex security automation and orchestration challenges as a Security Orchestration, Automation, and Response (SOAR) engineer, using tools that include Splunk>Phantom, ServiceNow SecOps, and other security operations tools. Review procedures relating to cyber threat intelligence, monitoring, incident response, and attack surface reduction, and design automated actions to accelerate the triage, validation, eradication, and remediation of security incidents. Leverage expertise in leading security operations tools and industry-standard scripting languages to write effective “playbooks” in Phantom. Create, maintain, and manage a library of automated playbooks for common information security threats and customize these plans for client-specific environments.

Basic Qualifications:
- Experience with consulting, client environments, and IT security tools

- Experience with Splunk>Phantom and ServiceNow SecOps, including writing Splunk>Phantom playbooks, or troubleshooting, training, or supporting technical requests

- Experience with object-oriented languages, including Python, JS, or Go

- Experience with one or more of the following cybersecurity tools: FireEye, PhishMe, Nexpose, Symantec DLP, ForeScout, ZScaler, Palo Alto, BlueCoat/Symantec, Check Point, McAfee, Carbon Black, CrowdStrike, Splunk, Cisco SourceFire, RSA Archer, ServiceNow, or AppSpider

- Knowledge of Security Operations Centers (SOCs) and incident response processes and procedures

- Knowledge of software development and agile methodologies

- Knowledge of general concepts around risk and threat management and associated frameworks and standards, including NIST, OWASP, and ISO

- HS diploma or GED

Additional Qualifications:

- 5+ years of experience with security engineering in the information security field

- Experience working with SIEM log aggregation, Elastic tools, including Kibana, Search, and Logstash, open source security software, and general data management concepts

- Experience as a SOC analyst or manager and authoring security runbooks, playbooks, procedures, and SOPs used in a SOC

- Knowledge of TCP/IP protocols and application layer (L7) protocols, including HTTP, FTP, or DNS

- Ability to work in an agile manner to produce new playbooks and automate manual security operations procedures per the backlog and as requirements from security operations teams, as new security tools and controls emerge in the marketplace

- Ability to perform regular updates of existing playbooks, including continuous improvements based on changes to requirements, as driven by the security operations teams or the toolset in use

- Ability to help manage an inventory of integrations that enable broader playbook creation and work on developing connectors with tools to effectively enable end-to-end automation of security operations procedures

- Ability to participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

- BA or BS degree in CS, Computer Engineering, Software Engineering, EE, Computer and Information Security, Computer Security, or Network Administration preferred; MA or MS degree in CS, Computer Engineering, Software Engineering, EE, Computer and Information Security, Computer Security, or Network Administration a plus

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
