Washington D.C.

Swimlane SME/SOAR (Security Orchestration Automation and Response) Engineer

Job Specs

Code: 4785702002
Department: Cyber Defense
Date: 20-07-29
Offices: Washington, District of Columbia, United States

Job Description:

XOR Security is currently seeking a talented Swimlane SME/SOAR (Security Orchestration Automation and Response) Engineer to support an Agency-level SOC at DHS. The SOC program provides comprehensive Computer Network Defense and Response support through 24x7x365 monitoring and analysis of potential threat activity targeting the enterprise. Security Engineers will conduct Operations and Maintenance (O&M) of critical security infrastructure for a 24x7x365 SOC environment.

Primary Responsibilities:

  • Automate Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system
  • Develop and maintain custom Swimlane applications for IR workflow (e.g. create custom application to automate intelligence gathering)
  • Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
  • Organization of requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable
  • Integrate SOAR platform with other security tools and APIs to execute automated workflows
  • Author, test, and maintain automation scripts/workflows within SOAR platform
  • Design, implement, and maintain efficient and reusable Python code
  • Review, debug, and resolve technical issues throughout all stages of SDLC
  • Coordinate with System Administrators, Engineers, and ISSOs to provision service accounts and/or grant required permissions
  • Measure effectiveness of process improvement and automation efforts via metrics and KPIs

Basic Qualifications:

  • The SOAR Engineer must be a cybersecurity and technical expert with the ability to clearly identify, capture, articulate, design, implement, and maintain security operations use cases, including developing integration code to provide interoperability between disparate IT and security solutions and infrastructure components.
  • The SOAR Engineer must have a solid background in cybersecurity technologies, including deploying enterprise platforms, conducting demonstrations, creating product documentation, training security analysts, and sustaining enterprise technology services.
  • Engineer must have an understanding of security operations, incident response, threat management, and enterprise IT and security engineering.
  • The SOAR Engineer provides expert support for the analysis, development, and integration of the Swimlane SOAR Platform, along with providing technical expertise to operational users.
  • Works on complex technical problems and provides innovative solutions. Develops advanced technological ideas and guides their development into a final product.

Required Qualifications:

  • Bachelor’s degree in Computer Science, Engineering, or related field.
  • Expert proficiency in Python scripting
  • Working knowledge of REST APIs, JSON, HTML/CSS, JavaScript, XML
  • Experience deploying in high availability environments using Kubernetes
  • Experience managing and maintaining MongoDB
  • General networking knowledge to include operation of routers, firewalls, DNS, DHCP, subnetting, VPNs and Web Proxies

Preferred Qualifications:

  • Swimlane Certified SOAR Administrator (SCSA)
  • Swimlane Certified SOAR Developer (SCSD)
  • Proven experience deploying and supporting Swimlane
  • Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement:

Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED and Public Trust Clearance.