CBO Automation Engineer

CFocus Softwareorporated

Job Location:

Washington, AR - USA

Monthly Salary: Not Disclosed

Posted on: 16 hours ago

Vacancies: 1 Vacancy

Job Summary

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
5 years of experience in cybersecurity engineering automation or SOAR development
Hands-on experience with Microsoft Sentinel and Azure Logic Apps
Experience integrating Microsoft Defender XDR (Endpoint Identity Cloud)
Strong scripting skills (Python PowerShell or similar)
Experience with API integrations and automation frameworks
Knowledge of incident response workflows and SOC operations
Understanding of MITRE ATT&CK and detection engineering
Experience with cloud environments (Azure AWS)
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Design develop and maintain SOAR playbooks using Microsoft Sentinel (Logic Apps)
Automate incident response workflows (phishing malware containment credential compromise endpoint isolation)
Integrate Sentinel with Microsoft Defender XDR and other security tools (identity endpoint network cloud)
Develop custom automation workflows and enrichment pipelines
Ensure automation aligns with Sentinel data model and schema normalization requirements
Maintain audit logging chain-of-custody and compliance controls within automated workflows
Support automation for alert triage ticketing and escalation processes
Perform continuous improvement of playbooks based on incident trends and threat intelligence
Provide quarterly tabletop exercises and playbook validation
Develop reporting on automation effectiveness (MTTD MTTR improvements)
Collaborate with SOC analysts and engineers to operationalize automation use cases

Required Experience:

Senior IC

cFocus Software seeks an Automation Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.Qualifications:Active Public Trust clearanceB.S. Computer Science Information Technology or a related field5 yea...

Active Public Trust clearance
B.S. Computer Science Information Technology or a related field
5 years of experience in cybersecurity engineering automation or SOAR development
Hands-on experience with Microsoft Sentinel and Azure Logic Apps
Experience integrating Microsoft Defender XDR (Endpoint Identity Cloud)
Strong scripting skills (Python PowerShell or similar)
Experience with API integrations and automation frameworks
Knowledge of incident response workflows and SOC operations
Understanding of MITRE ATT&CK and detection engineering
Experience with cloud environments (Azure AWS)
Preferred certifications include but are not limited to
- GCIA GCIH CISSP CEH or equivalent cybersecurity certifications
- Microsoft Sentinel or Microsoft security platform certifications
- Relevant cloud security certifications (e.g. AWS security)
- Privacy certifications (e.g. CIPP/US CIPM) where applicable

Duties:

Design develop and maintain SOAR playbooks using Microsoft Sentinel (Logic Apps)
Automate incident response workflows (phishing malware containment credential compromise endpoint isolation)
Integrate Sentinel with Microsoft Defender XDR and other security tools (identity endpoint network cloud)
Develop custom automation workflows and enrichment pipelines
Ensure automation aligns with Sentinel data model and schema normalization requirements
Maintain audit logging chain-of-custody and compliance controls within automated workflows
Support automation for alert triage ticketing and escalation processes
Perform continuous improvement of playbooks based on incident trends and threat intelligence
Provide quarterly tabletop exercises and playbook validation
Develop reporting on automation effectiveness (MTTD MTTR improvements)
Collaborate with SOC analysts and engineers to operationalize automation use cases