Cybersecurity Automation Engineer

Company: General Dynamics Information Technology
Location: Fayetteville
Posted on: November 21, 2020

Job Description:

REQ RQ66534 Travel Required Less than 10 Requisition Type Regular The Cybersecurity Automation Engineer should be an experienced Security Threat Engineer and will use Splunk Phantom for the engineering and management of all Security Orchestration Automation Response (SOAR). The candidate must have strong technical skills and direct experience with integration and playbook development for the Splunk Phantom solution to support automation for security incident handling, incident response, intrusion analysis, threat hunting, digital forensic analysis, vulnerability scanning, Data Loss Prevention (DLP) and other cyber and information assurance automation functions. Requirements 10 years Cybersecurity experience Security Clearance TSSCI 8570 Certification Minimum certification if IAT level II (one of the following certs, CCNA Security, CySA, GICSP, GSEC, Security CE, SSCP) Level III preferred (CISSP, GCIH, GCFA, GCIA, GNFA, Linux, CCNA RS, Splunk Power User) Experience with Splunk Phantom, Linux, and PowerShell a must Critical Soft Skills Must be able to multi-task and adapt to changing priorities in highly stressful situations Highly resilient and motivated to investigate unfamiliar and anomalous problems in a robust OPTEMPO environment, including follow-through to complete resolution Critical thinking skills required to apply and correlate data from multiple sources to automate and solve complex problems Strong ability to quickly and clearly articulate operational impacts of cyber security incidentsevents to leadership Ability to communicate efficiently and precisely to target audience, as well as build strong rapport with other teams Critical Technical Skills Experience installing and configuring Phantom. Experience with integrating security related use cases into Phantom. Craft reusable, testable, and efficient Python-based Playbooks. Configure and program to enable integration of Phantom with other systems per defined use cases and playbooks. Extend the platform through the development of Security Apps. Train and mentor security development teams on the use and capabilities of Phantom Identify and use existing tools and the Phantom platform to enable automation and orchestration. Work with customer to identify security integration and implementation strategies. Help the customer develop their expertise and knowledge of the Phantom product. This role also includes supporting the definition of requirements that enable creative integrations and playbooks. Partner with security operations teams, threat intelligence groups and incident responders. Codify workflows into automated playbooks using our visual editor or the integrated Python development environment. Experience in integrating and using Phantom s flexible app model, hundreds of tools and thousands of unique APIs (REST and SOAP). bull Experience in developing python scripts, PowerShell and use of Linux commands. bull Drive efficient communications across your team with integrated collaboration tools. bull Experience in using Phantom event and case management to rapidly triage events in an automated, semi-automated, or manual fashion. bull Expertise is Linux, and power shell bull Notify CND managers, CND incident responders, and other team members of suspected CND incidents and articulate the events history, status, and potential impact for further action bull Coordinates with higher authorities on events that involve actual or attempted intrusions, viruses, worms, hoaxes, etc. that occur on the enclaves bull Implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations bull Provide incident reports, summaries, and other situational awareness information to higher headquarters bull Manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal OpportunityAffirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Keywords: General Dynamics Information Technology, Fayetteville , Cybersecurity Automation Engineer, Other , Fayetteville, North Carolina