Role Proficiency:
Develop playbooks for security events. Coordinate with the Security Operations Center (SOC) and deliver high-quality integrations with third-party systems. Enhance the integration between the workflow engine and the web platform across all customers. Create automation scenarios for the investigation of, and response to, cyber threats across multiple domains. Develop new integrations using the relevant technology. Support and troubleshoot solutions. Support the CI process. Validate and test all playbooks for content correctness (content validation, not regular QA).
Outcomes:
To introduce the most effective automation solution in the market and bring benefit to our customers while reducing mean time to respond (MTTR) and the analyst effort required in the SOC. To explore and stay up to date on relevant applications and follow standards and best practices. Develop optimized code and follow the development methodology. Lead and guide internal playbook developers. Define CyberProof's best practices for writing playbooks (playbook skeleton definitions, logging and monitoring, input schemas, content testing, response standards, etc.). Guide A1 and A2 Associates in the team in performing their responsibilities.
Measures of Outcomes:
Success in executing the workflow according to the work plan. Responding to customers / SOC / Product / R&D / Support within the timeline set by the TAMs. Supporting CI and creating tools for the development process. Supporting customer and SOC issues in production. Successful adoption of new technology. Courses completed.
Outputs Expected:
Research and development:
Research: relevant apps and new features.
Playbook development: design and write the playbook according to the design needs.
Support:
Troubleshooting and creation: debug and update playbooks in VS Code.
Other Responsibilities:
Skill Examples:
Python development. VS Code and Logic Apps / Azure Functions debugging. Ability to explore new Azure features, Logic Apps and Functions. Ability to manage code using Jira, Git, Bitbucket, etc. Ability to prepare schedules based on estimates. Ability to set goals and provide feedback to team members. Excellent documentation and communication skills.
Knowledge Examples:
Agile (Kanban) methodology. Knowledge of cyber security. Knowledge of Azure and the cloud-native approach. Azure cloud environment (Azure Logic Apps / Azure Functions). Excellent understanding of OpenAPI and REST API principles.
Additional Comments:
Experience for Security Cloud Architect Resource
− In-depth understanding of cloud computing concepts, including infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
− Expertise in designing secure and scalable cloud architectures that align with business requirements and comply with industry standards.
− Proficiency in designing and implementing IAM solutions for cloud environments, ensuring proper authentication, authorization and access controls.
− Knowledge of encryption techniques and data protection mechanisms to secure sensitive data in transit and at rest within cloud services.
− Understanding of regulatory requirements and compliance standards relevant to cloud security, such as GDPR, HIPAA and industry-specific regulations.
− Skill in implementing automation tools and scripts to enforce security policies, monitor configurations and respond to security incidents in cloud environments.
− Ability to conduct threat modeling exercises to identify potential security risks and vulnerabilities in cloud architectures.
− Experience in developing and executing incident response plans specific to cloud environments, collaborating with incident response teams and cloud service providers.
− Proficiency in establishing and maintaining continuous monitoring processes using security information and event management (SIEM) tools for cloud environments.
− Strong communication skills to collaborate with cross-functional teams, executives and external partners, translating security requirements into actionable cloud solutions.
• Experience with tools: AWS (Control Tower, Organizations, SSH, CloudTrail, GuardDuty, CloudWatch), AWS Architecture (certification preferred), Azure Architecture, CrowdStrike, WAF (Logic, AWS WAF), Excel, Axonius (asset management), CSPM (Wiz, Orca, Prisma, DevOcean), JIRA