Senior Security Orchestration Automation Engineer
5 - 7 years experience • Professional, Scientific & Technical Services
Secureworks (SCWX-NASDAQ) is a global leader in intelligence-driven information security solutions. We help organizations confidently pursue business goals in a digitally-connected world. Consistently recognized by industry analysts and readers’ polls, we are one of the best in the world at understanding and anticipating threat behavior. We see 250 billion events every day across 4400 clients in more than 55 countries, and our solutions work across all the layers of a client’s security environment, including 330 different vendor technologies. Join a talented, dedicated, and diverse team of researchers, analysts, engineers, consultants and business professionals who are focused 100% on protecting our clients from cyberthreats. We seek out the brightest minds and empower our teams with the tools and support they need to fight the bad guys and maintain our company’s leadership in the cybersecurity industry.
Uniquely positioned to adapt as the industry evolves, we are also proud to be part of the Dell Technologies family. We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.
Automation and Orchestration Sr. Engineer review and consume reports and artifacts relating to the tactics techniques and procedures of threat actors and design automated actions to accelerate the validation, containment, eradication and remediation of security incidents. Automation and Orchestration engineers will be familiar with many leading security tools and industry standard scriptinglanguages. Automation and Orchestration engineers will create, maintain and manage a library of response plans to common information securitythreats and customize these plans for client specific environments.
- Perform regular updates of existing Playbooks based on changes in the Threat Landscape or a clients security controls.
- Drive continuous improvement of existing playbooks to address new threats and tactics employed by attackers.
- Manage an inventory of subtasks that enable broader playbook creation.
- Produce new playbooks as threats change and new security tools and controls emerge in the market place.
- Perform regular reporting on the usage of playbooks and the effectiveness of a playbook to conclusion.
- Develop logic that bridges connectors, tasks and human input to accelerate the response to escalated security incidents.
- Develop connectors that collect enrich and leverage data from third party and proprietary webservices.
- Participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings.
- Familiar with Ansible
- Like to have one of the following: Phantom, Demisto, Swimlane
- Proven background in creating automation tools, automating web based services is a plus.
- Familiarity with *nix-based command line tools.
- Solid knowledge of REST API best practices and usage.
- Strong technical communication skills, both written and verbal.
- Effective time management and organizational skills.
- Team player with the ability to work autonomously in a fast-paced, dynamic environment, often with ambiguity.
- Passionate about information security and service excellence.
- Ability to travel occasionally for client-site visits, team on-sites and strategic planning.
Job ID: R43488