Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

SOAR Developer ( R-00070359 )


AI Developer



Washington, Washington DC, United States


Job Description:

Leidos has an immediate need for a Security Orchestration Automation and Response (SOAR) developer to join our DHS Enterprise Security Operations Center (ESOC) Team. The ideal SOAR Developer is someone who is process driven, efficient, and strives to remove tedium from daily workflows. The developer will provide an Agile DevSecOps approach to the modernization of DHS ESOC cybersecurity operations, along with responding to emergent development requirements from Security Operations. The ideal candidate will be flexible and ready to work within a DevSecOps model within DHS ESOC which includes incident response operations and development engineers participating together in the entire lifecycle, from design through the development process to production support.

Primary Responsibilities

  • Automate DHS NOSC Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system

  • Develop and maintain custom Swimlane applications for ESOC IR workflow (e.g., create custom application to automate intelligence gathering)

  • Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions

  • Organize requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable

  • Integrate SOAR platform with other security tools and APIs to execute automated workflows

  • Author, test, and maintain automation scripts/workflows within SOAR platform

  • Design, implement, and maintain efficient and reusable Python code

  • Review, debug, and resolve technical issues throughout all stages of SDLC

  • Coordinate with System Administrators, Engineers, and ISSOs to provision service accounts and/or grant required permissions

  • Measure effectiveness of process improvement and automation efforts via metrics and KPIs

Basic Qualifications

  • The candidate shall have bachelor’s degree in Computer Science, Engineering, or related field and a minimum of 6 years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in Cybersecurity.

  • At least one of the following certifications: CASP, Sec+, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX

  • Experience with SOAR platforms such as Swimlane, Phantom, Demisto, etc

  • Familiarity with continuous integration and continuous delivery (CI/CD) concepts

  • Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices required

  • Proficient in Python scripting

  • Working knowledge of REST APIs, JSON, HTML/CSS, Javascript, XML

  • Experience as a SOC Analyst and/or Incident Responder

  • Experience authoring SOC SOPs, playbooks, work instructions and/or other process documents

  • Familiarity with Splunk Search Processing Language (SPL) and/or Elastic Domain Specific Language (DSL)

  • Proven Experience building consensus and managing cross-functional teams

  • Experience in DevSecOps environment

  • Experience writing acceptance criteria and designing user interfaces for a production system

  • Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.

Preferred Qualifications

  • Swimlane Certified SOAR Administrator (SCSA)

  • Swimlane Certified SOAR Developer (SCSD)

  • Client-facing federal consulting and business analysis experience

Pay Range: