Info Security Engineer

Role Overview

We are seeking a talented and experienced Security Engineer with a strong focus on Python and security automation to join our Information Security team. The ideal candidate will be adept at developing and implementing automated security solutions to protect our systems and data. This role requires a proactive individual who can work independently and collaboratively to enhance our security posture. In addition, proficiency and experience using a SOAR for automation and security incident response is required.

Key Responsibilities

• Develop, implement, and maintain security automation scripts and tools using Python.
• Integrate security tools and solutions to automate security processes and workflows.
• Conduct security assessments and vulnerability analysis to identify and mitigate potential threats.
• Monitor security systems and respond to security incidents with automated solutions.
• Collaborate with cross-functional teams to design and implement security controls.
• Stay updated with the latest security trends, vulnerabilities, and technologies.
• Develop and manage APIs to facilitate communication between security tools and systems.
• Build new and edit existing automation to high standards of reliability, efficiency and error-handling.
• Implement and manage Security Orchestration, Automation, and Response (SOAR) platforms to streamline and automate incident response activities, including but not limited to Palo Alto Cortex XSOAR, Splunk Phantom, IBM Resilient, Cyware, Microsoft Logic Apps, and ThreatConnect.
• Utilise Microsoft Defender for Endpoint (MDE) for endpoint protection and threat detection.
• Create and manage queries using Kusto Query Language (KQL) to analyse security data.
• Write detailed technical documentation, including standard operating procedures (SOPs), technical write-ups, and user guides for security tools and processes.
• Implement and manage Continuous Integration/Continuous Deployment (CI/CD) pipeline automation to ensure secure code deployment.
• Utilise Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible) to automate the provisioning and management of secure infrastructure.

Skills and Experience

Required:

• Minimum 3 years’ experience programming in Python, with experience in developing automation scripts and tools.
• Proven experience as a Security Engineer or in a similar role, with a focus on Python and security automation.
• Familiarity with operating system scripting languages such as PowerShell and Bash.
• Experience with security tools and technologies such as SIEM, IDS/IPS, firewalls, and vulnerability scanners.
• Knowledge of cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• Experience with API development and integration, including RESTful APIs.
• Proficiency in implementing and managing SOAR platforms (e.g., Palo Alto Cortex XSOAR, Splunk Phantom, IBM Resilient, Cyware, Microsoft Logic Apps, ThreatConnect).
• Hands-on experience with Microsoft Defender for Endpoint (MDE) for endpoint security.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical stakeholders.
• Proven experience in writing detailed technical documentation, including SOPs, technical write-ups, and user guides.

Desirable:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proficiency in Kusto Query Language (KQL) for querying and analysing security data.
• Knowledge and experience with Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible)
• Relevant certifications such as CISSP, CEH, OSCP, or GIAC.
• Experience with CI/CD pipeline automation and tools (e.g., Jenkins, GitLab CI/CD).
• Experience with DevSecOps practices and tools (e.g., Jenkins, GitLab CI/CD).
• Understanding of network protocols and security architecture.
• Understanding of how security testing, prevention and detection work together in an environment.