Careers @ CIS
Security Automation Engineer
CIS is home to the CIS Benchmarks, a set of secure configuration best practice guides, and the Critical Security Controls (the Controls), a set of cybersecurity best practices, both developed by international security experts and which have been implemented by thousands of customers around the world.
The Security Automation Engineer is assigned to the Security Controls and Automation (SCA) business line. The primary purpose of this position is to work as a member of the SCA team and to help influence a standardized ecosystem of security-automation-aware tools. This position will require a strong background in security automation standards and computer science. The Security Automation Engineer will report to the Technical Director.
Duties and Responsibilities
Lead OVAL Language moderation community
Function as a Product Owner for the CIS OVAL Repository
Define and implement a simplified OVAL Adoption program
Participate in the IETF Security Automation and Configuration Monitoring (SACM) working group
Perform security automation workflow discovery (i.e. customer outreach)
Collaborate with other SCA team members as needed
Other duties as assigned
Bachelor's Degree in Computer Science or related field and five years related work experience
Five years' experience in the Cyber Security/Technology field reviewing, implementing, or influencing system security concepts and controls
Specification authorship in recognized standards organization(s)
Four years' experience in the security automation domain including expertise in Security Content Automation Protocol (SCAP) and related schemas such as Open Vulnerability and Assessment Language (OVAL), Extensible Configuration Checklist Description Format (XCCDF), Common Configuration Enumeration (CCE) and Common Platform Enumeration (CPE)
Demonstrated experience with specification writing
Proficiency in XML, JSON, Git.
Strong attention to detail
Excellent written, verbal, and presentation skills
Excellent interpersonal skills and professional demeanor
Excellent customer service skills
Proficient in Microsoft Office Applications
Coding experience in Python, Java, Groovy, PHP
Experience with CBOR
Personal and Professional Qualitites
The successful candidate will possess the personality traits, work habits, communication, and social skills necessary to work effectively within a dynamic and highly operational not-for-profit environment. This person will have exemplary personal and professional integrity and demonstrate strong interpersonal skills. In addition, the qualified candidate will have a strong desire to succeed in a nationally and internationally recognized operational environment.
CIS offers a competitive compensation and benefits package, including a 401(k) plan, tuition reimbursement, on-site wellness program, community involvement opportunities, along with an environment that promotes growth and professional development.