Job Description

Requisition Number: 45181

Corning is one of the worlds leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed peoples lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.

The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end to end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning's businesses through IT enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost efficient manner to Corning worldwide.

Position Description: The Cyber Security Automation Lead, is a technical position in the Corning Information Security organization. In this role, you will coordinate and deliver orchestrations and automations for the Security Operations Center functions that can automate and orchestrate cyber security event , and ensure the availability and lifecycle management of the incident response (IR) toolset. The ideal candidate will be a hands-on ability to lead and work independently, hold a substantive cyber security experience including threat intelligence, intrusion detection & response, and forensics. A solid understanding of advanced and emerging cyber orchestrations and automations methods as well as scripting capabilities to support these needs. Ability to script in the various toolsets provided by the vendor. Create and maintain playbooks/documentation in support of SOAR.

Primary Responsibilities:

* Manage SOAR and supporting services including monitoring, alarming, patching, and automation
* Develop metrics and trends that demonstrate the platform's health and operational state.
* Ability to script in the various toolsets provided by the vendor. This could be ServiceNow, Remedy, or other systems that allow for automation.
* Define, document, and implement appropriate delivery, alarming, reporting, and automation of security-relevant log information.
* Research and document security best practices to continually improve the deployment and use of supported systems.
* Responsibilities include development of new security alerts and tuning existing alerts for improving detection and accuracy.
* Assist users of the SOAR in real-time investigation and analysis
* Provide technical expertise to create logic for the appropriate SOAR.
* Provide security engineering and architecture guidance to SOC team members as needed
* Provide in-depth knowledge in network protocols, architectures, equipment, services, and standards to allow the selection of correct technologies necessary to perform various IT assessments.
* Develop and author guidance and SOPs as needed.
* Mentor specialists to improve quality and consistency of security information analysis, device troubleshooting and device management best practices.
* Excellent conceptualization, analytical and logic skills
* Strong analytical, documentation and communication skills
* Strong teamwork and collaboration skills

Required Experience:

* Six (6) or more years of general and progressive Information Technology experience to include integration and automation skills.
* A minimum of three (3) years of experience in incident response and digital forensics (DFIR)
* A minimum of three (3) years of experience in Automation and orchestration.

Desired Skills:

* Professional certification in cyber/information security (GIAC, CISSP, CISM etc.) or demonstrated comparable experience.
* Required Education: Bachelors degree in Information Technology, Computer Science, or a related field; or five to eight (5-8) years of relevant experience in lieu of a degree.
* Equivalent experience or certifications such as MCSE, MCSA Server 2012, CCNA, RHCE, GCUX, Linux Plus, and others considered
* Experience with scripting languages, PowerShell, Python, C++ C-Sharp, Bash/KSH scripting

Other:

* Travel: Limited/related to training & capability development efforts
* Some off-hours/on-call may be required

Location: Charlotte, NC ; Corning, NY or Remote possibility

This position does not support immigration sponsorship.

We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, or veteran status or any other legally protected status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Nearest Major Market: Charlotte