Job Description:

Title: Senior Security Engineer
Location: Woonsocket RI
Team: SOAR (Security Orchestration, Automation, and Response), 2 total team members
Duration: 3 months to start, high possibility to extend and/or convert.

Their key focus would be a combination of someone with previous SOC experience, experience with Splunk or Phantom, and experience with Python scripting or RegEx. Must be able to convert without sponsorship.

A successful Sr. Security Engineer candidate will have a career focus in one or more of these 3 key areas:
- SOAR (Security Orchestration Automation Response) scripting via a platform like Swimlane, Phantom, or Demisto
- SIEM content creation, tuning & development, via a platform like Qradar, SplunkES, or ArcSight ESM
- Cloud Security, as it relates to monitoring for and investigating cloud security incidents

Interview Process: Two rounds of technical interviews

SOAR is another word for the Phantom product that can automate some of their SOC work. It might need a particular URL or domain and automate that in the system; it could be as easy as that. Need a strong SOC candidate who can help with this automation process. Looking for someone who has SOAR automation work experience, preferably Phantom (Splunk) or Siemplify experience (open source SOC). Strong Python coding skills; someone who has experience with Splunk is definitely helpful. Security background: worked as a SOC analyst or security engineer in the past, understands the security concepts, what is important and what is not important, and understands workflows within a SOC. Interfacing with the SIEM team from an API perspective to get information around automated security tooling. Working with other security teams internally at CVS to help set up actions and tooling with them; this could be anywhere from the cloud to an on-prem device. Hooking into the infrastructure in the cloud like Azure or AWS proper, or it could be very tool specific, such as logging into an ITS network device where they need to block or change a piece of the automation process; so working with all of these security teams and getting hooked up to their infrastructure.

Job Description

As a Sr. Security Engineer, you will be working for a team that is responsible for developing SIEM content to monitor and detect cyber security threats & incidents, and for building out semi-automated response capabilities for these threats in a SOAR platform. You will be part of the first line of defense for the enterprise cyber security posture, and you will be responsible for SIEM content management, content creation, rule tuning, reporting, and process documentation.

Fundamental Components:
Additional responsibilities of the Sr. Security Engineer may include:
- Handling cloud-based security incidents from identification through containment, eradication, recovery, and reporting
- Performing inbound security event analysis in an industry-leading SIEM to investigate and respond to security incidents, as well as to identify tuning, use case, automation, process improvement, and content development opportunities
- Creating and performing review and validation of daily compliance reports to track business-as-usual and out-of-policy activities
- Creating thorough Use Case, Playbook, Standard Operating Procedure (SOP) and training documentation
- Identifying cyber security processes that can be improved through automation, and then working collaboratively with network security, engineering, product & infrastructure teams to build automated tasks for security appliances via API calls that lead to practical process improvements and improve overall security effectiveness
- Researching new security technologies and their applications to SIEM, SOAR, and cloud environments
- Working with the Security Operations Center (SOC) to identify content improvement opportunities
- Assisting the SOC with searches by acting as an expert in Splunk Search Language
- Participating in an on-call rotation that provides 24/7 support
- Writing scripts to automate daily SOC tasks
- Mentoring and teaching junior and mid-level analysts

Background Experience

Required Qualifications
- 5+ years of IT experience
- 3+ years of Cyber Security experience
- 1+ years of experience and knowledge of three or more of the following security-related technologies in a professional or academic setting: Intrusion Prevention Systems, Security Automation Orchestration, Cloud Security, SIEM, EUBA, Web Proxies, Firewalls, Web application scanners, Sandboxes, Scripting, Vulnerability Scanners, Malware Research Tools or Forensics Tools

Preferred Qualifications
- Prior SOC or Cyber Security Analyst experience in a SIEM-oriented team
- Knowledge of cloud computing and cloud technologies
- Scripting or development experience, with a strong understanding of Python and PEP 8 standards
- Possess the ability to take the lead on investigative analysis and incident research
- One or more certifications, including but not limited to Network+, Security+, CySA+, CCSP, CCSK, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, SplunkES Admin, AWS, Microsoft Azure Security Engineer or equivalent
- Strong understanding of networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.)
- Strong knowledge of operating system architecture (Windows, UNIX, Linux)

Additional Job Information
An ideal candidate is detail-oriented, has an interest in automation, continual process improvement, and emerging cyber security trends, and has strong communication skills.