View Our Website View All Jobs

Incident Response Automation Develper (Python)

POSITION OVERVIEW

Financial Company is looking for a strong Python coder who is passionate about security to manage and develop content for an Enterprise Automation platform.  The role requires a strong generalist familiar with information security, with strong Python skills, experience in systems administration and integrating disparate technologies.

  • Maintain & administer the firm’s security automation & orchestration platform
  • Develop content (Python, PowerShell) to triage security events and identify incidents
  • Work with the security event management team to identify sources of security events and potential incidents
  • Work with the threat intelligence team to identify and develop approaches to enrich security events and incidents with relevant intelligence
  • Develops content to automate common incident workflows to allow incident responders to concentrate on notable events
  • Builds and supports integrations with supporting technologies to automatically respond to, contain and mitigate compromises
  • Provides support to the Incident Response team when responding to, investigating and mitigating potential incidents

PRINCIPAL RESPONSIBILITIES

  • Automation & Orchestration: Implements, maintains and administers automation & orchestration platforms and technologies used in support of the Incident Response, Threat Intelligence & Network
  • Security Infrastructure roles.  Develops and maintains content, code and workflows for automation & orchestration platforms and supporting technologies.
  • Security Consulting: Stays abreast of the latest vulnerabilities and their potential impact to the enterprise.  Understands technologies in use and uses that knowledge to determine overall risk.  Develops content and controls that limit risk to the firm.  Administers and maintains supporting systems, infrastructure and controls.  Works with other groups to address vulnerabilities while minimizing impact to the Business.
  • Provides support to the primary incident response role in responding to, investigating and mitigating incidents.  Provides coverage of incident response role as required.

QUALIFICATIONS

Required

  • 1+ years of coding/scripting experience using Python
  • Experience working with REST and other common API’s
  • Excellent communication and interpersonal skills
  • Understanding of the business and the ability to assess and address risk without negatively impacting the business
  • Ability to work effectively as part of a team
  • Ability to show initiative and take on new tasks as assigned
  • Ability to effectively communicate risk as it relates to the business
  • In-depth understanding of Windows and Unix operating systems
  • General knowledge of networking and internetworking technologies (TCP/IP, HTTP, SMTP, etc.)
  • General knowledge of incident response processes and procedures
  • General knowledge of the functions of various security infrastructure, including firewalls, Intrusion Prevention Systems, Proxy Servers, Security Event Managers, VPNs
  • General knowledge of web application technologies (HTML, JavaScript, etc.)
  • Experience with open source (Puppet, Ansible, Chef, or similiar) automation & orchestration platforms

Preferred

  • Experience with commercial security orchestration and workflow management systems preferred
  • Ability to provide 24-hour on-call support
  • College degree and 1 year of related work experience, or
  • Associate degree and 3 years related work experience, or
  • High School diploma/equivalent and 5 years related work experience
  • Experience in a 24x7 global enterprise, preferably in the Financial industry
  • SANS GIAC certifications
  • Knowledge of Enterprise security platform, controls and technologies such as Splunk, StealthWatch, Palo Alto and ProofPoint.

 

Read More

Apply for this position

Required*
Apply with Indeed
Attach resume as .pdf, .doc, or .docx (limit 2MB) or Paste resume

Paste your resume here or Attach resume file

150