Overview:
TekWissen Group is a workforce management provider throughout the USA and many other countries in the world. Our client is a global operator, franchisor, and licensor of hotel, residential, and timeshare properties. The company is primarily focused on management, franchising, and licensing of its lodging properties. It also occasionally develops, acquires or renovates hotel and residential properties, directly and through partnerships, joint ventures, and other business structures with third parties.
Position: Security Engineer
Location: Bethesda, MD 20817
Duration: 5 Months
Job Type: Contract
Work Type: Remote
Job Description:
Skills Needed for this Role:
Strong verbal and written communication skills with a customer-first disposition. They will regularly interface with customers and must be able to translate business requirements to technical requirements/process design and be able to professionally commit those requirements to documentation
Understand agile delivery models, version control, and how to develop in a team environment
Strong in Python (and other scripting languages such as PowerShell, BASH, etc.) and have experience delivering solutions leveraging APIs for process automation.
Experienced with integrations involving critical security infrastructure/platforms such as:
IAM infrastructure (LDAP directories, Active Directory, privilege management systems)
EDR solutions
Vulnerability management solutions
SIEM systems (especially Splunk Enterprise & Enterprise Security)
Experience leveraging APIs for process automation
Security background - Worked in or very closely with security operations functions and they should have familiarity with some (or all) of the following frameworks: ISO 27001:2013, OWASP, MITRE ATT&CK, and NIST CSF
A solid development methodology and design process discipline, where they can lead development from ideation to delivery
JOB SUMMARY
Serves as a Security Orchestration and Automated Response (SOAR) engineer responsible for design, development and implementation of automations that accelerate functions within Client Global Information Security (GIS).
Collaborates with the Security Operations Center (SOC), Cyber Incident Response Team (CIRT) and other functions within GIS to identify inefficient and manual processes that would benefit from automation. Leads security automation playbook development from requirements collection through to implementation.
Education and Experience:
Required:
Bachelor's degree in Computer Sciences or related field or equivalent experience/certification
2+ years of development experience in the following:
Focused development using Security Orchestration and Automated Response (SOAR) platforms
Scripting or programming using Python in a security operations capacity
5+ years of information technology experience, including some or all of the following:
Experience working in or with security functions such as SOC, CIRT, security engineering, risk management, vulnerability management.
Technical infrastructure operations, administration, or engineering
Application or software development
Agile methodology
Preferred Skills/Experience:
Current information security certifications, such as: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Development experience on Splunk Phantom SOAR platform
Splunk skills: search, report and dashboard creation
Broad exposure to a wide range of IT security technologies
Development project management
Good written and verbal communication skills and problem-solving ability
Familiar with security operations centers and incident response work
What You'll Be Doing
Working in Splunk's Phantom SOAR platform to develop security automation playbooks.
Meet with GIS teams to identify areas or functions that may benefit from automation.
Catalogue and review any identified security automation use cases with stakeholders to facilitate prioritization with a focus on cyber security risk reduction through efficiency (i.e., time saved, improved response and remediation times).
Lead automation use case/playbook design sessions with stakeholders to map requirements to pseudo-code in flow charts, noting integration requirements and all processes, decision points and outcomes for sign-off prior to development.
Develop automation playbooks using either out-of-the-box (or custom) integrations and functions as outlined in the automation process design.
Collaborate with Security Information and Event Management (SIEM) content developers as needed to support automation integrations and workflows for security personnel.
Develop or update security automation metrics to highlight improvements in efficiency.
Additional responsibilities:
Occasionally participates in the evaluation and selection of security service products pertaining to security automation.
Supports analysis of technology industry and market trends to determine their potential impact on security automation architecture.
Supports life cycle management of the SOAR platform, integrations and related components.
Consults with project, architecture and other engineering teams to identify when it is necessary to modify infrastructure and security services to accommodate automation project needs.
Participates in architecture design and analysis work related to security automation.
Supports, implements and promotes standard configuration and change management, processes and practices.
TekWissen Group is an equal opportunity/affirmative action employer (m/f/d/v) supporting workforce diversity.
Full Time
System Administration / Network Administration / Security (IT Software)