Dir. DDIT ISC CSOC Automation Engineering

Major accountabilities:

• Talent and Growth.
• Manage and mentor associates and team leaders.
• Plan and implement technical and nontechnical development strategies for continuous development of CSOC analysts and leaders strategy and direction.
• Automation engineering service involves planning, developing, testing, operationalizing, and tuning automation content for CSOC functions like detection, investigation, hunting, forensics, and engineering.
• Plan, develop, test, operationalize, and maintain CSOC ticketing for all teams.
• Define and measure performance and effectiveness KPIs; develop and deliver timely reporting to CSOC stakeholders and senior leaders.
• Interface with other CSOC stakeholders to align on initiatives; proactively gather feedback; adjust and improve service continuously.
• Research new tools and techniques to improve overall CSOC ability to monitor, detect, and respond to cyber threats.
• Monitor health of automation content to detect outages, spikes, or other anomalies that may impact CSOC performance.

Key performance indicators:

• Evaluate and review SOAR team performance
• Effectively and efficiently design and implement process automations, create supporting technical documentation and redundancy controls.
• Accurately troubleshoot to diagnose and resolve problems with process automations, case management issues, scripts, and other custom solutions that support CSOC operations.
• Identify technology and process gaps that affect CSOC services; develop solutions and make recommendations for continuous improvement.
• Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT, OT and Medical Technologies.

Minimum Requirements:
Experience:

• 10+ Years work experience.
• 4+ Years Python scripting or other similar coding experience.
• Experience with Python and Splunk.
• Experience planning, designing, developing, and testing automation solutions with SOAR platforms (Cortex, Phantom, FortiSOAR, etc).
• Experience developing solutions with SIEM tools (Splunk, QRadar, Sentinel, etc.).
• Experienced IT administration with broad and in-depth technical, analytical and conceptual skills.
• Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on incident response topics.
• Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related and incident response concepts to technical as well as nontechnical audiences.
• Proven experience to initiate and manage projects that will affect CSOC services and technologies.

Skills:

• Understanding of SOAR architecture components, including technology integrations, common automation scenarios and solutions.
• Understanding of configuration files and relationship between GUI configuration and backend configuration file impact.
• Experience with software development lifecycle and user acceptance testing.
• An understanding of error messages and logs displayed by various software.
• Ability to troubleshoot, diagnose and solve issues independently.
• Self-learner, ability to document learning as experience is gained.
• Understanding of network protocols and topologies.
• Strong technical troubleshooting and analytical skills.
• Experience with platform and application automated deployment and version control software e.g. (Ansible, Git, Bitbucket).
• A knowledge of the MITRE ATT&CK framework is beneficial.
• Ability to prioritise workload.
• Excellent written and spoken English.
• Calm and logical approach.

Languages :

• English.