Cyber Security Senior Automation Specialist

工作内容

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA Objective. Responsive. Trusted.SPA has an immediate need for a Cyber Security Senior Automation Specialist to provide contracting services to NATO.Incumbent will provide technical subject matter of expertise for automation of incident detection and response, business reporting, situational awareness as member of the Cyber Security Service Line. In addition to main responsibilities, incumbent will be also focal subject matter expert in project and exercise support activities within the team.

• Create automated detection and response capabilities using SIEM, SOAR and other available toolset.
• Develop tools, scripting, automation and integrations to automate activities as much as possible, mostly using Splunk Phantom, Python, Bash and PowerShell
• Develop and maintain SOAR playbooks.
• Create and optimize SIEM content based on use cases provided by other team members as requested.
• Create dashboards and reports for situational awareness purposes.
• Create technical reports for business and performance reporting. Share business information with stakeholders via dashboards and technical reports.
• Support project activities as end user representative for the team when needed.
• Propose possible optimisations and enhancements to both maintain and improve NATO’s Cyber Security posture.
• Support threat hunting activities by gathering and correlating data using multiple resources.
• Identify and track temporary deficiencies in security tool posture for situational awareness purposes.
• Participate in, or support a Cyber Security Response Team designated to provide Cyber Security Incident Response happening on one or multiple physical locations, including NATO Alliance Operations and Missions

Required Qualifications

• A university degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 4 years of specific experience.
• Exceptionally, the lack of a university degree may be compensated by the demonstration of at least 7 years extensive and progressive expertise in the duties related to the function of the post.
• Detailed knowledge of Security, Orchestrations, Automation and Response (SOAR) concepts and their benefits to the protection of CIS infrastructures.
• Detailed knowledge and demonstrable experience on scripting languages and integration tools including Python, PowerShell and Bash
• Hands on experience with Splunk ES suite and Phantom SOAR
• Good understanding of cyber security event triage, analysis and response.
• Good understanding of the network security devices and log sources used in SIEM.
• Good understanding of communication mechanisms on modern internet-facing systems.
• National of one of the 31 NATO countries.
• In possession of an active National and/or NATO Secret security clearance

Desirable Qualifications

• Expert level of knowledge and demonstrable experience with Splunk ES suite and Phantom SOAR
• Expert level of knowledge and demonstrable experience Python scripting language and related frameworks
• Demonstrable experience cyber security event triage, analysis and response.
• Industry leading certification in the area of Cybersecurity.
• A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)