Develop and maintain automation scripts and tools to streamline security operations and response processes, reducing manual tasks and improving efficiency.
Collaborate with cybersecurity analysts and IT teams to identify repetitive and time-consuming tasks that can be automated, such as alert triage, incident response actions, and reporting.
Design, test, and implement automation workflows using scripting languages (e.g., Python, PowerShell) and automation platforms (e.g., Phantom, Ansible) to integrate security tools and systems.
Work closely with the security engineering team to integrate and automate security scanning tools, vulnerability management systems, and other security solutions within the CSOC environment.
Contribute to the continuous improvement of the security information and event management (SIEM) system by automating the ingestion, parsing, and normalization of log data from various sources.
Develop and maintain documentation for automation scripts, workflows, and procedures to ensure clarity and consistency in automated operations.
Monitor the effectiveness of automation strategies and tools, making adjustments and updates as necessary to address new security challenges and operational needs.
Participate in security incident response efforts, leveraging automation to accelerate detection, analysis, and remediation activities.
Stay abreast of the latest cybersecurity threats, technologies, and automation best practices, incorporating innovative approaches into the CSOC's automation strategy.
Engage in knowledge sharing and training sessions with CSOC team members to increase awareness and understanding of automation capabilities and benefits.