Job Description:
Role: Demisto Developer / SOAR-Security Orchestration, Automation and Response-Lead (DPM)
Location: Philadelphia, PA
JD:
Must have Demisto & SOAR expertise for:
· Implementation
· Integration with different solutions (SIEM, Ticketing System, Security Devices)
· Deploy & Enable Playbooks /runbooks
· Develop Architecture Diagrams & Documentation
· Knowledge of Different Security controls and mechanisms
· Programming / Scripting in Python, Java, Ruby, etc.
· Experience developing integration solutions with web service APIs using REST/JSON.
· Work directly with the Security Information and Event Management (SIEM) team and other security product owners to architect an end-to-end automation solution, such as:
  - Enrich SIEM events with data from systems like LDAP, VirusTotal and others
  - Manage and write smart responses/post-processors for SIEM alarms
  - Contextualize alarms by looking at various data points and triage threats and alerts appropriately
· Work with Incident Response teams to develop correlation rules and corresponding incident response workflows/playbooks
· Experience with networking, network protocols & security infrastructures
· Strong application and infrastructure knowledge, e.g. Tomcat, PostgreSQL, SAML, IMAP, LDAP, Active Directory, SSO.
· Development environment knowledge in Linux, bash shell programming, git, gradle, virtual machines and Docker.
· Working knowledge of networking concepts (firewalls, DNS, IP addressing, SSL/TLS and certificates)
· Excellent written and verbal communication skills; ability to effectively coordinate multiple priorities in a dynamic environment; strong analytical and negotiating skills; excellent organizational and interpersonal skills required
- 10+ years of security operations experience, especially working in a SOC
- 3+ years of experience operating and creating playbooks for a Security Orchestration Platform