Principal Incident Response and Automation Developer

Virtual - Illinois, United States

CDW

The information technology products, expertise and service you need to make your business successful. Fast shipping, fast answers, the industry's largest in-stock inventories, custom configurations and more.


Bring your IT career and talents to CDW, where you can have a greater impact, be inspired by our mission and excited about your career and future. A Fortune 200 leader, we’re the driven professionals and technology experts companies turn to most to solve their IT challenges.

Join CDW and help protect delivery of full stack technology solutions and global services for 250K+ customers, including corporate enterprise, government, education, and healthcare industries. You will be on a team dedicated to collaborative delivery of a new global information security strategy, operating model, and objectives to accelerate CDW’s business goals in a secure way.

What you will do: Your role at CDW is of the utmost importance to the company’s mission, objectives, and reputation. As a Principal of Incident Response and Automation Development, you will play a pivotal role in identifying and analyzing cyber threat tactics, techniques, and procedures—ensuring proactive detection capabilities by leveraging automation to aid the global threat detection and response mission. Your responsibilities include four parts:

Key Areas of Responsibilities

Threat Detection and Response

  • Develop incident response methodologies to triage cybersecurity events and incidents for other members of a growing team
  • Collaborate with other coworkers and teams to develop and deploy cybersecurity countermeasures during cybersecurity events and incidents.
  • Perform post event and incident analysis to prevent re-occurrence.
  • Perform after action analysis to identify areas and opportunities of improvement to reduce the chance or impact of future events and incidents.
  • Build/Define and standardize procedures and processes for triage methods.

Automation Development

  • Lead the integration of current technologies with SIEM and SOAR platforms.
  • Design and implement the architecture and analysis efforts related to incident response automation.
  • Develop automation playbooks using out-of-the-box or custom integrations and functions.
  • Develop custom integrations and automation using scripting languages such as Python and/or PowerShell.
  • Lead automation use case/playbook design sessions.
  • Troubleshoot issues related to automation processes or tools.
  • Develop documentation related to automation processes and procedures.

Proactive Threat Detection Engineering

  • Develop threat detection rules and use cases based on the latest threat intelligence and operational changes within CDW’s global technology ecosystem.
  • Collaborate with cybersecurity coworkers to develop and implement effective defensive strategies against current and emerging threats.
  • Provide technical guidance and mentorship to junior team members.
  • Drive and guide purple team exercises to help test and improve detection capabilities.
  • Develop and monitor metrics and key performance indicators to measure the effectiveness of the threat detection program.

Threat Hunting

  • Build and execute regular threat hunting campaigns focused on current, emerging, and obscure tactics, techniques, and procedures.
  • Proactively search for, identify, and analyze new and existing techniques to detect advanced and targeted threats.
  • Utilize advanced threat hunting techniques to detect anomalies and suspicious activities that may indicate a compromise.
  • Develop and maintain threat hunting playbooks, procedures, and best practices to enhance the efficiency and effectiveness of the threat hunting program.
  • Collaborate with other cybersecurity professionals, including CDW’s Cybersecurity Services team to scale threat hunting outcomes and insights.

What we expect of you:

Who you are:

  • You thrive on making an impact—for your team, your company, and the industry.
  • You are extremely hands-on with a passion for technology.
  • You do not accept the status-quo, and always strive to improve.
  • You are eager to learn and seek professional development continuously.
  • You are resourceful, open-minded, analytical and enjoy solving complex problems.
  • You are diligent and self-motivated.

What we are looking for:

  • Bachelor’s Degree and 10 years of experience within Information Security, or 14 years of experience within Information Security.
  • Strong understanding of advanced threat hunting techniques, including the use of EDR tools, network traffic analysis, and other techniques.
  • Experience developing cybersecurity platforms using CI/CD tools and practices.
  • Experience with threat intelligence platforms, SIEM, and other cybersecurity tools and technologies such as the following: Microsoft Defender, CrowdStrike XDR, Palo Alto XSOAR, Microsoft Sentinel, Microsoft Azure Active Directory, Splunk Enterprise Security.
  • Strong analytical and problem-solving skills, with the ability to think strategically and creatively.
  • Current and relevant cybersecurity certifications such as the following are a plus: GIAC Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Microsoft Azure, etc.
  • Experience with the MITRE ATT&CK framework and techniques.
  • Proven experience in a creative and dynamic work environment.
  • Flexibility to adapt to new situations and challenges.
  • Excellent written and verbal communication skills.

Pay range: $143,000.00 - $233,400.00 depending on experience and skill set
Annual bonus target of 10% subject to terms and conditions of plan
Benefits overview: https://cdw.benefit-info.com/
Salary ranges may be subject to geographic differentials

Who we are:
CDW is a leading technology solutions provider to business, government, education and healthcare organizations across the globe. Our fingerprints can be found on technology in workplaces of more than 250,000 companies; from fresh-faced start-ups to international conglomerates. With the breadth of products and services we offer, there is no request too big or too small. 

What you can expect from us: Culture, coworkers, careers. 
CDW is not only the People Who Get IT but the People who get People. Our relationships are fueled by our deep expertise and grounded in the CDW Way. Our empowering leadership makes things happen and inspires their teams to do the same. From the teammates beside us to the leaders who guide us, we move forward together. At CDW, you’ll work with people who inspire you. People with positive, success-driven attitudes who you will learn from and forge strong relationships with. Bring your best true self—and your best ideas—to CDW. Because diverse perspectives bring forth better problem solving—and better solutions for our customers on a rapidly evolving technology landscape.
Equal Opportunity Employer, including disability and protected veteran status