Job Details
Python Developer
Description
Job Description:
Leidos has an immediate need for a Security Orchestration Automation and Response (SOAR) developer to join our DHS Enterprise Security Operations Center (ESOC) Team. The ideal SOAR Developer is someone who is process driven, efficient, and strives to remove tedium from daily workflows. The developer will provide an Agile DevSecOps approach to the modernization of DHS ESOC cybersecurity operations, along with responding to emergent development requirements from Security Operations. The ideal candidate will be flexible and ready to work within a DevSecOps model within DHS ESOC which includes incident response operations and development engineers participating together in the entire lifecycle, from design through the development process to production support.
Primary Responsibilities
Automate DHS NOSC Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system
Develop and maintain custom Swimlane applications for ESOC IR workflow (e.g., create custom application to automate intelligence gathering)
Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
Organize requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable
Integrate SOAR platform with other security tools and APIs to execute automated workflows
Author, test, and maintain automation scripts/workflows within SOAR platform
Design, implement, and maintain efficient and reusable Python code
Review, debug, and resolve technical issues throughout all stages of SDLC
Coordinate with System Administrators, Engineers, and ISSOs to provision service accounts and/or grant required permissions
Measure effectiveness of process improvement and automation efforts via metrics and KPIs
Basic Qualifications
The candidate shall have bachelor’s degree in Computer Science, Engineering, or related field and a minimum of 6 years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity.
At least one of the following certifications: CASP, Sec+, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX
Experience with SOAR platforms such as Swimlane, Phantom, Demisto, etc
Familiarity with continuous integration and continuous delivery (CI/CD) concepts
Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices required
Proficient in Python scripting
Working knowledge of REST APIs, JSON, HTML/CSS, Javascript, XML
Experience as a SOC Analyst and/or Incident Responder
Experience authoring SOC SOPs, playbooks, work instructions and/or other process documents
Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)
Proven Experience building consensus and managing cross-functional teams
Experience in DevSecOps environment
Experience writing acceptance criteria and designing user interfaces for a production system
Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
Preferred Qualifications
Swimlane Certified SOAR Administrator (SCSA)
Swimlane Certified SOAR Developer (SCSD)
Client-facing federal consulting and business analysis experience