The Cyber Data SOC Automation Manager will engineer critical cyber data automation solutions to more accurately detect, protect against and respond to cyber vulnerabilities, threats or events. The candidate will perform the full engineering life cycle hands-on. This includes engaging internal and external partners, aligning on architecture, shaping the product vision, capability and technology evolution, owning and delivering the product projects, and ensuring solid continuous DevOps. The candidate will pay continuous attention to enhancing the delivered product's business value, user experience and capabilities while optimizing its full costs and its technical reliability and simplicity. This exciting and unique role bridges 2 key areas of domain expertise:
The cyber world: network security, endpoint security, app security, vulnerability DBs, SIEMs, identity and authorization management.
The data engineering/analytics/automation world: ingesting and blending data from multiple systems and building advanced solutions to automate and enrich the ISRM and cyber tasks and data flows.
Specific Responsibilities
Proactively engage with her/his internal key cyber security business & IT partners to empathize with their strategic, tactical and analytical needs, focusing on the following teams: Cyber Security Operations, Network Security, End Point Security, Identity and Access Management, IT Risk Management, Cyber Architecture & Vulnerability Assessments, Business Risk Management.
Balance business value with technical feasibility while prioritizing features, optimizing cost and improving delivery efficiency
Build and maintain ISRM data & SOAR automation, translating user stories from the backlog into working code, using modern design patterns and architectural principles
Lead a global security automation program that focuses on the orchestration of security workflows that dramatically increases speed to value, reduces human error, and empowers CSOC members when performing security incident triage and resolution.
Maintain and fix any issues related to the Cortex XSOAR platform to ensure minimal downtime, working with the vendor as necessary.
Develop a wide gamut of Cortex XSOAR integrations and playbooks with security tools and services within Johnson & Johnson.
Write code that is high quality, well documented, and efficient and is easy to maintain and update. Move code through environments and into production (e.g. Release Process).
Drive testing and deployment of software solutions, including automated testing to ensure solution quality
Improve operational efficiency by developing additional automation tools and scripts (e.g., CI/CD automation)
Build and operate infrastructure, toolset, and deployment pipelines
Work closely with other Software Engineers and QAs to understand the system end-to-end
Support product owner in defining stories and Lead Engineer in defining technical solutions
Manage technical debt, including vulnerability scanning
Provide ongoing solution support, incl. incident and problem management (L2+), root cause analysis, request fulfilment, security compliance, fault repair, resiliency testing, and observability
Qualifications
Required
A minimum of a Bachelor’s degree in Computer Science is required, or equivalent years of experience in a comparable role with a demonstrable track record of successful experiences
A minimum of 6 years of Cyber security data engineering and SIEM experience is required, preferably in a large global organization with at least 2 years’ experience in Python and SQL coding. Experience must include architecture, engineering, and operational support of those solutions.
Excellent hands-on, multi-functional skills in multiple technology areas such as servers, network, data center and applications
Experience within highly regulated GxP or SOx environment
Strong presence, influencing, collaboration, information-sharing and organizational skills
Intermediate skills, verbal and written, in English communication
Ability to work independently in a fast-paced environment and prioritize in parallel while managing expectations. Curious and fast learner
Exercise independent judgment, strong decision making and problem solving for key processes
Must have a strong customer service orientation, eye for business value, and a bias for action.
Great teammate, works with virtual, global teams – including diverse groups of people with varied backgrounds and cultural experiences
Experience in leading mid-sized technical IT projects end-to-end, influencing others without having supervisory responsibility
Experience in a multi-platform, multi-vendor large enterprise
A constant learner who looks for new ways to implement features and functions that create higher levels of customer satisfaction
Preferred
An advanced degree in IT
Cyber certification: CISSP or CISM with deep expertise of network / server / db / app / user security, configuration and cyber related data points
Solid experience in engineering SOAR / SIEM IT data products to mine, blend, process, and analyze very large volumes of structured, semi-structured and unstructured data (gigabytes and terabytes) at high velocity
Experience integrating with security tools and services through diverse APIs.
Experience working with ServiceNow, both from a user and programmatic standpoint
Hands-on experience with SIEMs and associated investigations and alerting within them is a plus.
Experience in advanced SQL query development & database modelling is a plus.
Agile Scrum / Product Owner / PMP certification is a plus.
Apply via: jobs.jnj.com