Responsibilities

H-E-B is a leading innovator in technology, and our Digital Technology Team collaborates to design, construct, implement, and support solutions across the enterprise.

Our Partners thrive The H-E-B Way. As a Security Engineer II: Automation you would have a…

HEART FOR PEOPLE… you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams

HEAD FOR BUSINESS… you have an ownership mentality and a consistent track record of timely delivery of high-quality software

PASSION FOR RESULTS… the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions.

As a critical part of the Digital Security Operations Center (DSOC), this role will lead security detection automation designs, implementation, integration, and maintenance of SOAR playbooks and tools to automate complex cyber activities. Assess, design, and improve DSOC processes and workflows with a focus on integrating automation through SOAR tools and technologies. Implement new SOC automation and ensure continued compatibility with existing detection and response tools. Work closely with the DSOC and Security Engineering teams to improve existing automation, implement new automation (including platforms) and deliver resilient security solutions. Integrates new logging sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event. Develop custom scripts to automate current detection and response workflows as well as analyzes DSOC alerts statistics and workflows to reduce false positives and properly focus engineering efforts.

ROLE

• A technical engineer, with an extensive hands-on security operations background, who drives the SOAR development lifecycle, in support of the security operations & IR teams.
• Strong understanding of SOAR playbook development and logic flows.
• Strong understanding of CSOC workflows.
• Write, test, and maintain automation scripts/workflows within SOAR platform.
• Author and maintain documentation for all scripts, integrations, and workflows.
• Design, implement, standardize, and maintain efficient and reusable Python code or other programming language.
• Review, test, debug, and resolve technical issues throughout all stages of Software Development Life Cycle
• Translate conceptual CSOC\IR requirements into technical data and integration requirements for the SOAR platform.
• Deliver API solutions that streamline, simplify, and improve efficiencies for the CSOC\IR teams as well as other enterprise Business Units.
• Design, test, and implement new playbooks for the cyber security operation center.
• Partner with CSOC/IR leadership to gather SOAR requirements, priorities, and enhancements.
• Partner with CSOC/IR teams to review the development of integrations, workflows, & scripts to ensure anticipated output is achieved.
• Implement technical modifications to integration, script, workflow based on feedback from product consumers.
• Demonstrated proficiency in cyber security platforms: SOAR, SIEM, IDS/IPS, DLP, WAF, Endpoint Security
• Experience with SOAR tools, XSOAR, Splunk SOAR, Swimlane etc
• Cloud infrastructure experience (AWS, Google, or Azure)
• Experience with and detailed knowledge of scripting languages Bash and PowerShell
• Perform or lead orchestration and automation activities (SOAR) to integrate security tools that support DSOC processes.
• Support log aggregation and log retention activities, developing custom solutions when necessary
• Support analytics, tuning, and maintenance of endpoint and network security sensors
• Work closely with other DSOC team members, threat Intelligence analysts or providers, and other Digital Security teams to improve security platforms or tools for consumers of security operations and investigations

REQUIRED

• 3-5 years of technical cybersecurity experience in Incident Response, Security Operations, Threat Intelligence, etc.
• Experience with Security Orchestration, Automation and Response (SOAR) tools and technologies (e.g. Sentinel, XSOAR/Demisto, Phantom, etc.)
• Experience with Python scripting language for automation.
• Experience with operating system internals for both Linux and Windows platforms.
• Experience with network and host-based collection tools such as Snort, Bro, Suricata, Sysmon, Osquery or commercial Enterprise Detection and Response (EDR) platforms.
• Strong understanding of a variety of security tools and technologies (IDS/IPS, EDR, XDR, SIEM, Vuln Mgmt., etc.)
• Experience with scripting such as BASH, PowerShell, and Python.
• Strong RegEx/PCRE experience
• Ability to multi-task and prioritize work effectively.
• A track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Demonstrated exceptional written and verbal communication skills.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of levels.
• Experience administering Amazon Web Services (AWS) and/or Microsoft Azure.
• Familiarity with infrastructure as code tools, such as Terraform or CloudFormation.
• Adept at extracting value from data and establishing security use cases
• Proficient in establishing standardized practices and documentation
• Possess an understanding of Syslog daemon configuration principles, ideally in Syslog-NG and RSyslog configurations
• Cloud experience (AWS, GCP, Azure, etc.)
• Cribl Experience, working with source/destination definitions, pipelines, as well as experience writing advanced regular expressions and building routes
• One or more professional audit or security certifications (e.g., Security , PenTest , CySa , CEH, OSCP, CSA, GIAC, CASp, CISSP) 
• Fundamental understanding of data and secrets security, system administration, vulnerability management, secrets management and vaulting, and platform/OS security. 
• Demonstrate high level of communication skills, both verbal and written with collaborative mindset
• Demonstrate a logical and structured approach to time management and task prioritization. 
• Familiarity with Agile and other project management methodologies. 
• Ability to work well under pressure and have great organizational and interpersonal skills. 

Recommended

• A Bachelor’s degree in Computer Science or Software Engineering. 
• One or more professional security certifications such as Certified Splunk Administrator, CISSP, OSCP, OSCE, GCIH, CASP, AWS Security, or equivalent. 
• five (5) or more years experience in Information Security, cloud security, automation.
• Familiarity with PCI DSS, HIPAA, and other industry regulations 
• Experience working with Splunk Enterprise Security. 

PERKS?

• A robust Benefits plan with coverage starting Day One
• Dental, vision, life, and other insurance plans; flexible spending accounts; short term / long term disability coverage
• Partner Care Team, for any time you have healthcare or coverage questions
• Telehealth offers 24/7 access to board-certified doctors by phone
• Partner Guidance allows free counselor visits
• Funeral leave, jury duty, and military pay (subject to applicable law)
• Maternal / paternal leave for new parents, including adoptions
• 10% off H-E-B brand products in-store and online
• Eligibility to participate in 401(k)

ISSEC3232