Threat Detection & Response Consulting - Security Orchestration, Automation and Response (SOAR) - Senior
KEY Capabilities:
- Excellent teamwork skills, passion and drive to succeed and combat Cyber threats
- Working with the customer to identify security automation strategies and provide creative integrations and playbooks.
- Work collaboratively with other team members to find creative and practical solutions to customers’ challenges and needs.
- Expertise in design and implementation of SOAR solution such as Phantom (Preferable), Demisto or Resilient
- Responsible for execution and maintenance of SOAR related analytical processes and tasks
- Manage and administration of SOAR platforms
- Hands-on experience with Incident Response and Threat Intelligence tools.
- Creation of reusable and efficient Python-based Playbooks.
- Use Phantom platform to enable automation and orchestration on various tools and technologies by making use of existing or custom integration
- Partner with security operations teams, threat intelligence groups and incident responders.
- Should have worked in a security operations center and gained understanding of SIEM and other log management platforms. Having experience in Splunk content development will be an added advantage
- Should have solid experience in the design/build, test, implementation, and maintenance of integration with other security tools and platforms
- Willing to learn new technologies and take up new challenges. Assist in developing high-quality technical content such as automation scripts/tools, reference architectures, and white papers.
- Knowledge in Network monitoring technology platforms such as Fidelis XPS or others
- Knowledge in endpoint protection tools, techniques and platforms such as Carbon Black, Tanium, Microsoft Defender ATP, Symantec, McAfee or others
Qualification & experience:
- Minimum of 6 years’ experience in cyber security with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated SOAR solution in global enterprise environments.
- Strong oral, written and listening skills are an essential component to effective consulting.
- Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.
- Must have knowledge of Vulnerability Management, basic Windows setup, Windows Domains, trusts, GPOs, server roles, Windows security policies, basic Linux setup, user administration, Linux security and troubleshooting.
- Should have strong hands-on experience with scripting technologies like Python, REST, JSON, SOAP, ODBC, XML etc.
- Must have honours degree in a technical field such as computer science, mathematics, engineering or similar field
- Minimum 3 years of working in SOAR
- Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix and Splunk will be an added advantage
- Certifications in a core security related discipline will be an added advantage.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.