Security Architect Orchestration & Automation (SOAR)

Job Description


VANRATH are happy to be working alongside a leading law firm who are aiming to recruit a Security Architect Orchestration and Automation (SOAR Architect).
The role exists to protect the confidentiality, integrity, availability, and recoverability of information, systems, and facilities in compliance with organizational policies and standards.

Responsibilities:

An ideal candidate will be able to analyse potential solutions for adherence to the company's design requirements, including those arising from the ISMS policy, client contracts, regulation and professional obligations.
The candidate will give expert counsel to constituents with regard to their information security obligations and facilitate an acceptable outcome based upon the tenets of the company's Risk Management Framework. Frequent interfacing with technical, legal, and business operations personnel is expected.

Other duties include:

  • Design, implement, and support event management and logging solutions identified as necessary for the protection of company assets
  • Integrate and connect disparate systems to achieve synergistic incident detection, reporting, and response outcomes
  • Source new opportunities for the application of SOAR technologies, principles, and concepts across technical teams, processes, and systems
  • Develop, maintain, and support key SOAR infrastructure, including toolsets, scripts, dashboards, and metrics
  • Work methodically with key constituents, such as SOC/IR, to deliver SOAR capabilities consistent with design requirements
  • Provide input, create documentation, and review information security policies and procedures
  • Utilize common security toolsets (SIEM, sniffer, IDS, etc.) to identify issues and analyse compliance with existing policies and procedures
  • Provide high quality, business-level reports to management
  • Make a contribution to the company's security-related information repositories (web, database, SharePoint)
  • Monitor and report on compliance with the company's information security policies and procedures
  • Monitor internal control systems to ensure that suitable information access levels and security clearances are maintained
  • Stay up to date with the threat, capability, and technology landscape
  • Report compliance failures to appropriate management for immediate remediation
  • Take part in the definition of the organization's IT disaster recovery and continuity plans for security event management systems
  • Perform the role of an internal information security consultant and mentor regarding security event logging to the Security Team and other constituents by monitoring information security technologies and trends, providing expert guidance, and assisting with knowledge development/mentoring activities
  • Act as a 3rd-level support resource for the purposes of ticket resolution and change management activities
  • Analyse, recommend, and implement controls as determined necessary by management
  • Support company standard security applications, utilities, and processes. Utilize remote control and remote access software in the performance of duties
  • Utilize standard security tools such as a SIEM, IDS, and other event logging systems



Skills and Experience:

Technical Skills

  • Thorough knowledge of security concepts, technologies, controls, and best practices
  • Working knowledge of information security frameworks such as ISO27001, NIST, and CIS
  • Ability to produce contract language and convert such language to controls
  • Confident understanding of security threats, qualitative and quantitative risk valuation models, and effective tools, tactics, and techniques for risk reduction
  • Expert understanding of SIEM/SOAR concepts and toolsets, including how to architect, automate, and integrate effectively with Incident Response
  • Thorough understanding of collecting and utilizing security event telemetry and threat intelligence sources to protect critical assets
  • Confident understanding of data communications and information systems hardware and software
  • Confident understanding of principles, theories, techniques, and methods of information system analysis and programming, particularly secure coding practices
  • Thorough knowledge of data processing and data communications concepts and services
  • Working knowledge of encryption technologies and standards, both at-rest and in-flight
  • Familiar with BCP/DR concepts and practices
  • Thorough knowledge of computer monitoring systems, endpoint security controls, vendor-supplied packaged programs, macros, utilities, and other highly technical programs
  • Expert analysis skills, including the gathering and analysing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when applicable, defining problems, and promoting solutions
  • Ability to adapt, integrate, and modify current programs or vendor-supplied package programs for use with existing information systems
  • Proficient in the delivery of training and informational sessions to technical and non-technical constituencies
  • Proficient in oral and written English
  • Ability to work autonomously and maintain a high level of productivity


Minimum Education / Experience

  • Possess a Computer Science Bachelor's Degree or substantial equivalent experience
  • Extensive professional experience with advanced IT and information security systems, including TCP/IP networking, scripting, and incident handling
  • Extensive experience of designing and implementing cyber security solutions in a large enterprise
  • Strong experience in managing SIEM deployments
  • Good experience in using scripts or other SOAR tools to automate security practices
  • Strong experience acting in a security advisory capacity to multiple constituencies
  • CISSP, SSCP, CISM, CRISC, CISA, or CGEIT preferred
  • SANS GPYC or equivalent coding experience beneficial