About the Role:
The Global Security Office is currently seeking candidates for an experienced SOC Orchestration Engineer. This is an opportunity to make your dent in the security universe and work with an industry-leading group of cybersecurity professionals at Symantec, supporting full life cycle cybersecurity operations.
We are seeking an individual who can bring in-depth security engineering, automation, and incident response experience to support daily operations and help grow and mature our current SOC environment. As a Principal Security Engineer for Security Orchestration, Automation and Response (SOAR) you will directly support the Security Operations Center by driving the vision and development of Symantec’s SOC orchestration capabilities, including triage, hunting, and incident response.
- Lead the vision, development and operations of Symantec’s SOC orchestration automation and response infrastructure
- Work closely with Symantec’s SOC to develop and implement playbooks for automation
- Work with organizations within Symantec’s security organization as well as throughout the company and outside vendors to connect the SOC automation service to additional security and IT services.
- Be the champion of SOC automation and find creative solutions to increase the effectiveness of detection and response capabilities while reducing analyst fatigue and burnout by increasing their efficiency.
- 5+ years of experience building SOC technologies, incident response workflows, enterprise security architecture or related fields
- Technical knowledge in a wide range of enterprise security devices, security feeds, and enterprise IT services
- Experience building and maintaining mission critical security services
- Experience building complex distributed systems
- Experience with end-to-end systems debugging, including *nix and network-level issues
- Python application and script development
- Strong understanding of threat models, adversary tactics and methodologies, and threat intelligence
- Outstanding leadership experience and the ability to drive complex project requirements across a heavily matrixed organization
- Experience using Phantom for SOC orchestration
- Working understanding of the MITRE ATT&CK framework
- Working understanding of incident response, hunting methodologies, and purple teaming
- Software development experience, including source code management and continuous delivery pipelines
- Microservice architecture and operations experience including Docker, Kubernetes, Mesos, or ECS
- Service-oriented architecture development and/or operations experience