The Cybersecurity Automation Engineer should be an experienced Security Threat Engineer and will use Splunk Phantom for the engineering and management of all Security Orchestration Automation Response (SOAR). The candidate must have strong technical skills and direct experience with integration and playbook development for the Splunk Phantom solution to support automation for security incident handling, incident response, intrusion analysis, threat hunting, digital forensic analysis, vulnerability scanning, Data Loss Prevention (DLP) and other cyber and information assurance automation functions.
Security Clearance: TS/SCI
8570 Certification: Minimum certification if IAT level II (one of the following certs, CCNA Security, CySA+, GICSP, GSEC, Security+ CE, SSCP) Level III preferred (CISSP, GCIH, GCFA, GCIA, GNFA, Linux+, CCNA R&S, Splunk Power User)
Experience with Splunk Phantom, Linux, and PowerShell a must
Critical Soft Skills
Must be able to multi-task and adapt to changing priorities in highly stressful situations
Highly resilient and motivated to investigate unfamiliar and anomalous problems in a robust OPTEMPO environment, including follow-through to complete resolution
Critical thinking skills required to apply and correlate data from multiple sources to automate and solve complex problems
Strong ability to quickly and clearly articulate operational impacts of cyber security incidents/events to leadership
Ability to communicate efficiently and precisely to target audience, as well as build strong rapport with other teams
Critical Technical Skills
Experience installing and configuring Phantom.
Experience with integrating security related use cases into Phantom.
Craft reusable, testable, and efficient Python-based Playbooks.
Configure and program to enable integration of Phantom with other systems per defined use cases and playbooks.
Extend the platform through the development of Security Apps.
Train and mentor security development teams on the use and capabilities of Phantom
Identify and use existing tools and the Phantom platform to enable automation and orchestration.
Work with customer to identify security integration and implementation strategies.
Help the customer develop their expertise and knowledge of the Phantom product. This role also includes supporting the definition of requirements that enable creative integrations and playbooks.
Partner with security operations teams, threat intelligence groups and incident responders.
Codify workflows into automated playbooks using our visual editor or the integrated Python development environment.
Experience in integrating and using Phantom s flexible app model, hundreds of tools and thousands of unique APIs (REST and SOAP).
Experience in developing python scripts, PowerShell and use of Linux commands.
Drive efficient communications across your team with integrated collaboration tools.
Experience in using Phantom event and case management to rapidly triage events in an automated, semi-automated, or manual fashion.
Expertise is Linux, and power shell
Notify CND managers, CND incident responders, and other team members of suspected CND incidents and articulate the events history, status, and potential impact for further action
Coordinates with higher authorities on events that involve actual or attempted intrusions, viruses, worms, hoaxes, etc. that occur on the enclaves
Implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations
Provide incident reports, summaries, and other situational awareness information to higher headquarters
Manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.