2022-10-04 04:36:44
Mid (3-5 Yrs)
Corp - Corp
India
No
No
SOAR Engineer - L2
Job Description
As a SOAR (Security Orchestration, Automation and Response) Engineer, you will be responsible for the full development of automation that improves the daily tasks of a SOC analyst, in order to reduce containment and response times. In a large network environment, SOC analysts are asked to provide IT security analysis to many different job functions throughout the enterprise. The goal of a SOAR Engineer should be to relieve analysts of time-consuming tasks and improve processes along the way.
Requirements
1. Working knowledge of Python and JSON, and familiarity with REST API integration, is required.
2. The candidate should have experience with the management of information security tools such as SIEMs, SOAR, TIP, EDR, IPS, Sandboxes, Vulnerability Management, etc.
3. Good understanding of SOC/security management workflows in enterprise organizations.
4. Experience as a Security Incident Responder or SOC analyst/manager.
5. Experience with cloud and on-premise deployments, and with deployment automation technologies such as Ansible and Docker.
6. Strong application / operating system / networking troubleshooting skills.
7. Good analytical and development skills.
8. OS expertise (Linux, RHEL, CentOS).
9. Excellent oral and written communication skills.
Responsibility
1. Understand the deployed products at the customer end and drive automation with them for the defined scope.
2. Develop security integrations that support common use cases in information security management.
3. Product Deployment - Assist customers through an organized go-live process and deploy our solutions, meeting customer requirements and delivery timelines.
4. Product Updates - Coordinate with our Engineering team on new product version upgrades and on applying hotfixes/security patches.
5. Write and review security automation and designs.
6. Work with customers to understand their specific security workflows.
7. Coordination and collaboration - Work with the customer's Security Operations, Threat Intelligence, and Incident Response teams on developing and managing the needed orchestrations, automation workflows, and playbooks.
8. Assist with all phases of the SOAR solution, inclusive of planning, testing, selection, and implementation.