Dir. DDIT ISC CSOC Automation Engineering

Hyderabad (Office)

Novartis

Working together, we can reimagine medicine to improve and extend people’s lives.


Job Description Summary

The Automation Engineering Service is integral to CSOC operations, encompassing the planning, development, testing, operationalization, and tuning of automation content for functions such as detection, investigation, hunting, forensics, and engineering. Responsibilities include planning, developing, testing, operationalizing, and maintaining CSOC ticketing systems for all teams, defining and measuring performance KPIs, and delivering timely reports to CSOC stakeholders and senior leaders. The role necessitates interfacing with various CSOC stakeholders to align initiatives, gather feedback, and continuously enhance services. Additionally, it involves researching new tools and techniques to bolster CSOC’s capabilities in monitoring, detecting, and responding to cyber threats, as well as monitoring the health of automation content to detect anomalies that could impact CSOC performance.


 

Job Description

Major accountabilities:

  • Talent and Growth.
  • Manage and mentor associates and team leaders.
  • Plan and implement technical and nontechnical development strategies for continuous development of CSOC analysts and leaders strategy and direction.
  • Automation engineering service involves planning, developing, testing, operationalizing, and tuning automation content for CSOC functions like detection, investigation, hunting, forensics, and engineering.
  • Plan, develop, test, operationalize, and maintain CSOC ticketing for all teams.
  • Define and measure performance and effectiveness KPIs; develop and deliver timely reporting to CSOC stakeholders and senior leaders.
  • Interface with other CSOC stakeholders to align on initiatives; proactively gather feedback; adjust and improve service continuously.
  • Research new tools and techniques to improve overall CSOC ability to monitor, detect, and respond to cyber threats.
  • Monitor health of automation content to detect outages, spikes, or other anomalies that may impact CSOC performance.

Key performance indicators:

  • Evaluate and review SOAR team performance
  • Effectively and efficiently design and implement process automations, create supporting technical documentation and redundancy controls.
  • Accurately troubleshoot to diagnose and resolve problems with process automations, case management issues, scripts, and other custom solutions that support CSOC operations.
  • Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement.
  • Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies.

Minimum Requirements:
Experience:

  • 10+ years of work experience.
  • 4+ years of Python scripting or other similar coding experience.
  • Experience with Python and Splunk.
  • Experience planning, designing, developing, and testing automation solutions with SOAR platforms (Cortex, Phantom, FortiSOAR, etc).
  • Experience developing solutions with SIEM tools (Splunk, QRadar, Sentinel, etc.).
  • Experience in IT administration with broad and in-depth technical, analytical and conceptual skills.
  • Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on incident response topics.
  • Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences.
  • Proven experience initiating and managing projects that will affect CSOC services and technologies.

Skills:

  • Understanding of SOAR architecture components, including technology integrations, common automation scenarios and solutions.
  • Understanding of configuration files and relationship between GUI configuration and backend configuration file impact.
  • Experience with software development lifecycle and user acceptance testing.
  • An understanding of error messages and logs displayed by various software.
  • Ability to troubleshoot, diagnose and solve issues independently.
  • Self-learner, ability to document learning as experience is gained.
  • Understanding of network protocols and topologies.
  • Strong technical troubleshooting and analytical skills.
  • Experience with platform and application automated deployment and version control software (e.g. Ansible, Git, Bitbucket).
  • A knowledge of the MITRE ATT&CK framework is beneficial.
  • Ability to prioritise workload.
  • Excellent written and spoken English.
  • Calm and logical approach.

Languages:

  • English.


 

Skills Desired

Communication Skills, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (CTI), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management


Tags: Ansible Automation Bitbucket CSOC Forensics Incident response KPIs MITRE ATT&CK Monitoring Python QRadar Risk management Scripting SDLC Sentinel SIEM SOAR Splunk Strategy Threat intelligence Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: India
