Security Incident Automation Engineer

Location: Rockville, Maryland - Remote
Category: Cybersecurity
Employment Type: Contract To Hire
Job ID: 16125
Date Added: 01/09/2024

We are seeking an Incident Engineer to join our Threat Detection and Response Team. The candidate must fully understand security incident response and be able to automate responses to security events, improve and augment the triage of security alerts, and write scripts and programs that aid analysts in their work. They will need a thorough understanding of security events from a range of commercial and open source platforms so that those events can be correlated, combined and presented to analysts, and must be able to collect information on investigated events so that similar future events can be compared against them when presented to analysts.

Required Skills:

  • Minimum 2 years of experience in the Information Security field, or a relevant undergraduate or Master’s degree focused on Information Security/Information Assurance.
  • Good “hands-on” technical understanding of network fundamentals and common Internet protocols.
  • Technical understanding of the information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.).
  • Has worked directly as a security incident automation analyst and has performed successfully in all aspects of the incident response process.
  • Must have a demonstrated capability to write scripts and code in Python and PowerShell. Ability to write in Java would be a plus.
  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff.

Desired Skills:

  • Solid knowledge of various cloud environments (AWS, Azure, etc.) and their respective APIs.
  • Operational experience monitoring devices such as network and host-based intrusion detection systems, web application firewalls, next-generation firewalls, antivirus systems, proxy servers, file integrity monitoring tools, and operating system logs.
  • Distinctive investigative, problem-solving and analytical skills.
  • Knowledge of EDR and network security tools.
  • Technical security certifications like Security+, Ethical Hacking or SANS/GIAC a plus.