CyberDefence Automation & Orchestration Engineer

The CyberDefence Automation & Orchestration engineer is part of the CyberDefence Content Engineering Team. The Automation engineer's purpose is to develop the automations requested by the wider CyberDefence organization. These requirements are submitted as project backlog items in MS DevOps and are typically developed in the Splunk Phantom SOAR tool.

The outcome of these automations is one or a combination of the below:
- Automation of manual operator tasks (process efficiency) to save operator time;
- Automation of CyberDefence tasks which are not possible to execute manually (such as regularly checking for open access in the entire IT estate);
- Automation of detecting cyber hygiene non-compliances and automated response action;
- Enriching the automation coverage by adding more interfaces to various systems.

All automations together should result in:
- Faster detection of and response to cyber events
- More coverage with the same amount of cyber analyst resources
- Automated detection of cyber hygiene non-compliance on the IT estate in the client

Job Description:
Perform as CyberDefence Automation & Orchestration engineer in CyberDefence, which has three main areas of focus:
- Pick up and deliver automation requests from the DevOps room and interface with the requestor(s) to confirm the automation requirements are fulfilled to satisfaction;
- Participate in and/or facilitate the A&O hub meetings to clarify, prioritize and resolve impediments of the incoming requests with the wider team;
- Maintain the automation development code in production, including coding administration, so that the team can modify/troubleshoot the developed automation in future.

Accountabilities:
- Craft reusable, testable, and efficient Python-based Playbooks;
- Extend the Splunk platform through the development of Security Apps;
- Identify and use existing tools and the Phantom platform to enable automation and orchestration;
- Assist in the development and review of technical specifications for automation solutions;
- Extend the Splunk Phantom platform with the required interfaces to fulfill the incoming automation requests;
- Work with the content engineering stakeholders to identify security automation integration;
- Plan and report status on the backlog items assigned to you (via A&O Hub meetings);
- Partner with CDT operations teams, threat, VM, Monitoring, Incident response etc. to support the development of automations for those teams;
- Assure that all code is pushed to production with the necessary code documentation for future modification or troubleshooting.

The Automation Engineer position drives the overall goals and objectives of the team but is not responsible for the budget or direct management of content engineering team staff.
staffing groep
05-08-2020 00:00