Security Automation Engineer

AIG · Charlotte, NC

Type

Full Time

Job Description

The Security Automation Engineer will be responsible for deploying, tuning and maintaining automated security response and incident management platforms to manage high volume, repeatable security response workloads. In addition, this position will build out the functionality necessary to develop security response tickets to replace the existing platform.
This position is a hands-on role that requires knowledge of security orchestration automation and response (SOAR). The candidate must understand security and event response processes in order to effectively design the workflows that will enhance security operations and centralize response with the benefit of automation. In this role, the candidate will work with the cyber security teams in order to develop a comprehensive understanding of how the cyber security teams manage the alerts requiring action or investigation. The successful candidate will demonstrate strong knowledge of and experience with the general information security controls employed to operate within a state-of-the-art cyber incident response team, as well as the ability to identify, test and implement automated actions and the management of the security incidents.
The successful candidate will have demonstrated expertise in all aspects of security incident response and the technologies leveraged for this purpose. The candidate will have at least 4 years of experience working in an enterprise security engineering environment providing comprehensive solutions and approaches to solving the challenges associated with a large, complex, global ecosystem requiring strong security controls and rapid response while minimizing the potential for impact to the business processes.

KEY RESPONSIBILITIES AND DUTIES:
• Design, configure, manage and maintain the security orchestration automation and response platform.
• Utilize the tools to build an incident response platform that is easily leveraged by the cyber response teams so they can manage the daily workload effectively.
• Perform security related tasks, including the day-to-day administration of the SOAR platform.
• Develop the automation workflows and thoroughly test the workflows to ensure the actions performed are aligned with the expected outcomes needed to ensure an effective incident response platform.
• Work with the security analysts and content management teams to ensure data ingested by the SIEM is useful, reduces white noise, and is properly leveraged and actioned for incident response.
• Perform security analysis of alert patterns and adjust workflows and procedures to account for misfires.
• Determine and implement appropriate levels of security configuration, controls and monitoring.
• Develop quality program metrics to measure program performance as well as enterprise risk. This data must provide actionable intelligence to help drive and track progress of the security response program.

Required Skills:
• Bachelor's degree in Information Systems (or related field) or equivalent experience.
• 4+ years in a security engineering and operations enterprise environment.
• 2+ years using Python to develop scripts in a production environment.
• Experience in leveraging REST API interfaces in Python scripting.
• Experience implementing security orchestration, automation and response (SOAR) technologies.
• Understanding of Security Information and Event Management (SIEM) with knowledge of log collection, parsing of log files and how this data can be effectively used to mitigate risk and respond to threats.
• Moderate proficiency using data aggregated to a SIEM (security information event monitoring) and the ability to define and develop queries against that data.
• Good understanding of query optimization against large data sources so as to not cause performance impacts to the system.
• Proficiency in defining workflows/process execution flows in a business process management style.
• Understanding of security capabilities such as network firewalls, endpoint detection & response, traffic proxies, and mail security gateways.
• 4+ years' experience managing Red Hat Linux server instances.
• 2+ years' experience in troubleshooting Docker containers.
• Experience troubleshooting server and application performance.
• Working knowledge of operating systems, applications, and security architectures.
• Strong analytical and organizational skills.
• Excellent verbal and written communication, problem solving and time management skills.
• Ability to work efficiently and productively with minimal guidance or direction.
• Strong team player with initiative and ability to take charge of their area of expertise.
• Ability to clearly and effectively communicate concerns, issues and research to other teams.

Desired Skills:
• One or more IT Security related certifications is highly preferred, such as CISSP, SSCP, CCIE, CISM or CEH.

We're proud to offer a range of employee benefits and resources that help you protect what matters most - your health care, savings, financial protection and wellbeing. We provide a variety of leaves for personal, health, family and military needs. For example, our "Giving Back" program allows you to take up to 24 hours a year to volunteer in your community. Our global mental health and wellness days off provide all colleagues with a paid day off to focus on their mental health and wellbeing.

We also believe in fostering our colleagues' development and offer a range of learning opportunities for colleagues to hone their professional skills to position themselves for the next steps of their careers. We have a tuition reimbursement program for eligible colleagues to enhance their education, skills, and knowledge in areas that relate to their current position or future positions to which they may transfer or progress.

We are an Equal Opportunity Employer

American International Group, Inc., its subsidiaries and affiliates are committed to being an Equal Opportunity Employer, and their policies and procedures reflect this commitment. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories such as sexual orientation. At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.

To learn more please visit: https://www.aig.com/about-us/diversity-equity-and-inclusion

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with physical or mental disabilities. If you believe you need a reasonable accommodation in order to search for a job opening or to complete any part of the application or hiring process, please send an email to [email protected]. Reasonable accommodations will be determined on a case-by-case basis.

Functional Area:
IT - Information Technology

Estimated Travel Percentage (%): Up to 25%

Relocation Provided: No

AIG Employee Services, Inc.

Date Posted

11/06/2022
