Ernst & Young - Greenville, SC

posted about 2 months ago

Full-time - Senior
Greenville, SC
Professional, Scientific, and Technical Services

About the position

As a Senior Consultant in Cybersecurity - SOAR Engineering at EY, you will play a crucial role in enhancing clients' security operations and addressing complex cybersecurity threats. This position involves leveraging technical expertise and business acumen to develop and implement automated security solutions, ensuring robust information security strategies for clients. You will collaborate with a global team of experts and have access to advanced tools to combat cybercrime effectively, contributing to a safer digital environment.

Responsibilities

  • Perform regular updates of existing playbooks based on requirements provided by operations teams for changes in the threat landscape or a client's security controls
  • Drive continuous improvement of existing playbooks to address new threats and tactics employed by attackers
  • Manage an inventory of integrations that enable broader playbook creation
  • Produce new playbooks, based on requirements from operations teams, as threats change and new security tools and controls emerge in the market
  • Report regularly on the usage of playbooks and on the effectiveness of each playbook through to conclusion
  • Develop logic that bridges connectors, tasks and human input to accelerate the response to escalated security incidents
  • Develop connectors that collect, enrich and leverage data from third party and proprietary services
  • Participate in client meetings to further optimize their specific operational plan based on our best practices and operational learnings

Requirements

  • Bachelor's degree with a minimum of 4 years of related work experience, or a Master's degree with approximately 3 years of related work experience in Computer Science, Information Systems, Engineering, Business, or a related field
  • At least 1 year of related work experience with information security systems, including hands-on SOAR technical infrastructure and implementation experience with Microsoft Sentinel, LogicApps, CrowdStrike Falcon Fusion, or Google Chronicle SOAR
  • Knowledge and experience with security orchestration and automation tools such as XSOAR, Falcon Fusion, LogicApps, Splunk SOAR/Phantom, Tines, and ServiceNow SecOps
  • 3+ years of experience in scripting with one or more of the following languages: JavaScript, Python, PowerShell, and various shell scripting languages
  • Understanding of REST API best practices and usage
  • Excellent analytical and problem-solving abilities, with a strong understanding of leveraging SIEM for enhanced security monitoring and incident response
  • A valid US driver's license and passport are required, with willingness and ability to travel domestically and internationally to meet client needs; estimated travel of 25% - 50% is required

Nice-to-haves

  • Experience working with AI security tools
  • Experience with Microsoft Sentinel, CrowdStrike NextGen SIEM, and Google Chronicle
  • Familiarity with Unix-based command-line tools
  • Proficiency in programming with Python, JavaScript, and/or Bash shell scripting
  • Familiarity with security technologies including Cloud, DLP, firewalls, IDS/IPS, EDR, etc., as well as other SIEM products like Splunk, CrowdStrike Logscale, Google Chronicle, Microsoft Sentinel
  • Familiarity with common open-source research frameworks
  • Possession of or desire to obtain relevant certifications such as CISSP, CISM, CISA, CIPT, CIPM, CRISC, or others

Benefits

  • Comprehensive compensation and benefits package
  • Medical and dental coverage
  • Pension and 401(k) plans
  • Wide range of paid time off options
  • Flexible vacation policy allowing you to decide how much vacation time you need
  • Time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed