The Senior SOAR Playbook Developer is part of the Product Engineering team and reports to the Director of Product Engineering. The Senior SOAR Playbook Developer will be a senior technical individual contributor position. The Senior SOAR Playbook Developer will provide playbook lifecycle management and lead the development of Security Orchestration, Automation, and Response (SOAR) playbooks that improve the efficiency and effectiveness of security operations provided by the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISAC) to U.S State, Local, Tribal, and Territorial (SLTT) organizations.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Design, build, test, deploy, maintain, and document new SOAR playbooks to extend the existing security capabilities of the MS- and EI-ISAC
• Develop creative new approaches to accelerate threat detection, responses, and proactive defenses. Orchestrate information between Security Operations Center (SOC), Cyber Threat Intelligence (CTI), and Cyber Incident Response Team (CIRT) analysts, improving the relevance and actionability of products
• Lead playbook development and deployment with multi-functional team members. Collaborate with and provide feedback to the analysts, engineers, and product managers as you operationalize innovative security automation and orchestration into security operations.
• Make recommendations to leadership on capabilities, direction, investments, and divestments of technologies, products, and services
• Actively research emerging security practices and workflows and operationalize findings to better enhance our offerings
• Develop and manage the playbook development lifecycle, including change control process and quality assurance standards for automation and orchestration, to ensure changes are tested, rollback plans created, and that playbooks do not negatively impact integrated business systems or operations
• Assist internal support teams with troubleshooting highly technical issues that cannot be resolved by lower-tiered support levels
• Provide briefings and training to SLTT members, MS-ISAC and EI-ISAC executive committees, and internal stakeholders on cyber defensive technologies. This position will closely align with the Sales, Marketing, and Communications teams to assist with pre- and post-sales support and provide input to develop materials for members
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field* 
• 4+ years’ experience in network and security operations. Minimum 2 years’ experience in SOC analysis and threat hunting 
• 3+ years’ experience in SOAR and information automation 
• 1+ years’ experience building/integrating security operations processes in large environments  
• Operational experience in Application Programming Interface (API) technologies and integrating security tools such as firewalls, intrusion detection and prevention systems, endpoint security tools, and other data sources into automated workflows
• Proficient in Python development
• Proficient with SQL
• Significant experience with orchestrating processes, developing custom integrations, and designing advanced decision-making logic
• Experience with designing and implementing automation and orchestration best practices, including playbook lifecycle management and development of key performance indicators (KPIs)
• Experience with cyber defense technologies, asset management technologies, Security Event and Incident Management (SIEM) platforms, Threat Intelligence Platforms (TIPs), information and enrichment services, and the MITRE ATT&CK framework
• Solid client-facing and internal communication skills  
• Excellent organizational skills, including attention to detail and multi-tasking skills 
• The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

It's a Plus if You Have:

• Master’s degree in Computer Science, Business, or related field
• Strong presentation capabilities
• Experience with Cyware Orchestrate and/or Devo SOAR (e.g. LogicHub) SaaS platforms  
• Relevant industry certifications in Python, SQL, Data Science, Data Engineering, and/or SOC Automation 
• Experience in vendor management and relationships
• Familiarity with Agile DevOps and project management

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

**Factors that may cause a negative Fitness Review decision include:

• Criminal Conduct
• Dishonest Conduct
• Employment Misconduct
• Alcohol Abuse
• Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction)
• False Statements
• Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.