Cybersecurity Automation Engineer
General Dynamics Information Technology · Fort Liberty, North Carolina, United States · 1 wk ago
Engineering$128k–$173k/yrFull-time
Key Responsibilities
- Engineer and manage all SOAR using Splunk Phantom.
- Integrate security use cases into Phantom.
- Develop reusable, testable, and efficient Python-based Playbooks.
- Configure and program to enable seamless integration of Phantom with other systems.
- Extend the platform by developing Security Apps.
- Train and mentor security development teams on the capabilities of Phantom.
- Use available tools and the Phantom platform to enable automation and orchestration.
- Collaborate with the customer to identify security integration and implementation strategies, developing their expertise in Phantom.
- Define requirements for creative integrations and playbooks.
- Partner with security operations teams, threat intelligence groups, and incident responders.
- Drive efficient communication with integrated collaboration tools.
- Utilize Phantom event and case management for rapid triage of events.
- Notify CND managers, incident responders, and team members of suspected CND incidents and provide detailed event histories, statuses, and potential impacts.
- Implement and enforce CND policies and procedures adhering to applicable laws and regulations.
- Provide incident reports, summaries, and situational awareness information to higher headquarters.
Required Qualifications
- 8+ years of relevant experience.
- 8570 Certification: Minimum certification IAT level II (e.g., CCNA Security, CySA+, GICSP, GSEC, Security+ CE, SSCP); Level III preferred (e.g., CISSP, GCIH, GCFA, GCIA, GNFA, Linux+, CCNA R&S, Splunk Power User).
- Experience with Splunk Phantom, Linux, and PowerShell.
Preferred Qualifications
- Experience installing and configuring Phantom.
- Experience in integrating security use cases into Phantom.
- Expertise in developing Python scripts, PowerShell, and using Linux commands.
Critical Soft Skills
- Ability to multi-task and adapt to changing priorities in highly stressful situations.
- Highly resilient and motivated to investigate unfamiliar problems in a high OPTEMPO environment.
- Critical thinking skills for applying and correlating data from multiple sources to solve complex problems.
- Strong ability to articulate operational impacts of cybersecurity incidents/events to leadership.
- Effective communication skills and the ability to build strong relationships with other teams.