Python Job: Global Information Security Engineer

Location

Cork - Ireland

Job type

Full-Time

Python Job Details

What you will do
The Global Information Security Engineer reports to the Manager, Security Automation – Global Information Security (GIS), and is responsible for the administration, maintenance, development, and implementation of the GIS organization's security tools.
You will be a passionate information security professional able to communicate with business and IT leaders alike. You will demonstrate drive, intelligence, maturity, and energy, and you will be a proven security analyst. In addition, you will:

  • Independently, or in a team setting, implement and support security platforms: Security Orchestration, Automation and Response (SOAR), Security Information and Event Management (SIEM), and Vulnerability Management
  • Perform continuous optimization, tuning and monitoring of these platforms
  • Integrate platforms with the SIEM and SOAR, directly or through their APIs
  • Participate in the design and maintenance of security playbooks
  • Troubleshoot issues affecting internal customers of supported platforms
  • Maintain on-prem and cloud logging infrastructure, including heavy forwarders and cloud services dedicated to logging to ensure reliability
  • Coordinate with IT teams, threat detection teams, and analyst teams to ensure that logging architecture and log feeds are reliably providing quality data to support detection and investigation activities
  • Assist in the development and implementation of internal security projects, including writing documentation, providing input, and performing initial installation and configuration
  • Work with Threat Detection team to identify log sources that could be used for detection and enrichment
  • Continually improve the organization's security posture through lifecycle management, upgrades, implementation of new features, systems, and processes that are owned by or relate to information security.

This role offers flexibility in working from home.
How you will do it
Automation Capabilities (SOAR)

  • Document security workflows, optimize them for automation, recreate them in the automation tool, and customize code as necessary
  • Provide feedback on the security logging and automation platforms and processes to reduce time to detection and increase Security Operations team efficiency
  • Build, test, and deploy custom and out-of-the-box SOAR integrations using APIs
  • Contribute to a DevOps practice for incrementally building and releasing automations to increase SOC productivity
  • Identify potential automation use cases and present ideas at internal review board

Manage SIEM Capabilities (Splunk Enterprise Security)

  • Ensure the platform is maintained on supportable baselines
  • Perform daily monitoring of the SIEM, log parsing and log onboarding, application integration, API work, and overall management of the platform

Integration Capabilities

  • Develop scripts to retrieve system information, perform actions, or deploy packages on Linux, Windows, and Mac systems. Bash and Python skills are required; PowerShell is a plus.
  • Support platforms and their respective clients, globally
  • Use APIs to create integrations to enable data enrichment and incorporation of threat intelligence sources

What we look for

  • Minimum 2 years of SOAR automation experience, including identifying automation opportunities, creating custom automations or playbooks, and testing and deploying them.
  • Minimum 8 years of information security and IT logging analytics experience, with a proven history of helping organizations ingest, parse, and make sense of varied, large sets of information.
  • Experience with Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), and security workflow automation tools.
  • Knowledge of Splunk Cloud architecture, including the use of heavy forwarders, deployment servers, and Splunk agents (universal forwarders).
  • Strong analytical and operational background in a diverse variety of big data log sources
  • Experience in performing DevOps under an agile model

Preferred

  • A bachelor's degree in computer engineering, computer security or computer science, or a combination of education and experience as determined by Johnson Controls.
  • Strong scripting skills in Python, PowerShell, Bash and SPL, and fluency with XML and JSON data formats.

Desired certifications (not required):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Network Professional Security (CCNP Security)
  • Cisco Certified Network Professional (CCNP)
  • Server Platform Certifications (Microsoft, Linux)
  • CompTIA Security+

#LI-Remote
#LI-MO1
IRLJCI23

Job Type: Permanent

Benefits:

  • Bike to work scheme
  • Company pension
  • Private medical insurance
  • Work from home

Schedule:

  • Monday to Friday

Work Location: Hybrid remote in Cork, Co. Cork