Scope of Work:
- Develop and maintain automation scripts and tools to streamline security operations and response processes, reducing manual tasks and improving efficiency.
- Collaborate with cybersecurity analysts and IT teams to identify repetitive and time-consuming tasks that can be automated, such as alert triage, incident response actions, and reporting.
- Design, test, and implement automation workflows using scripting languages (e.g., Python, PowerShell) and automation platforms (e.g., Phantom, Ansible) to integrate security tools and systems.
- Work closely with the security engineering team to integrate and automate security scanning tools, vulnerability management systems, and other security solutions within the CSOC environment.
- Contribute to the continuous improvement of the security information and event management (SIEM) system by automating the ingestion, parsing, and normalization of log data from various sources.
- Develop and maintain documentation for automation scripts, workflows, and procedures to ensure clarity and consistency in automated operations.
- Monitor the effectiveness of automation strategies and tools, making adjustments and updates as necessary to address new security challenges and operational needs.
- Participate in security incident response efforts, leveraging automation to accelerate detection, analysis, and remediation activities.
- Stay abreast of the latest cybersecurity threats, technologies, and automation best practices, incorporating innovative approaches into the CSOC's automation strategy.
- Engage in knowledge sharing and training sessions with CSOC team members to increase awareness and understanding of automation capabilities and benefits.
Skills:
- Proficiency in scripting languages such as Python, PowerShell, or Bash, for automation and tool integration.
- Experience with automation and orchestration tools (e.g., SOAR platforms, Ansible, Terraform) in a cybersecurity context.
- Strong understanding of cybersecurity principles, technologies, and practices, including threat landscapes, security monitoring, and incident response processes.
- Ability to design and implement efficient, reliable automation workflows.
- Excellent problem-solving skills and the ability to work under pressure.
- Good communication skills for collaborating with team members and documenting processes and procedures.
Certification (Optional but beneficial):