Fresenius Medical Care is seeking a Principal Analyst to lead the engineering and development of advanced enterprise-wide detection and threat analytics capabilities. The role focuses on driving security engineering strategy, AI-enhanced detection logic, and automating security operations to improve response times and reduce manual workloads.
Responsibilities:
- Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines
- Automate repetitive security operations and security engineering workflows (EDR, vulnerability management scanning, SIEM enrichment, IR actions)
- Integrate security tools and platforms using APIs, scripting, and microservices
- Improve mean time to respond (MTTR) and reduce operational overhead through intelligent automation, partnering closely with Security Engineering, IT Operations, and Cloud teams
- Develop KPIs to measure automation impact and report operational improvements
- Lead POCs for new automation platforms and evaluate opportunities for AI-based operations
- Provide mentorship and code reviews for automation engineers and analysts
- Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility
- Integrate AI/ML-driven detection capabilities into existing pipelines, validating model performance and reducing false positives
- Maintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems
- Lead the design, implementation, and optimization of enterprise-wide detection content, including correlation rules, behavioral analytics, machine-learning-assisted detections, and anomaly models
- Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats
- Tune, optimize, and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data)
- Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices
- Serve as a senior escalation point for complex security incidents and investigations
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience)
- 5+ years in automation engineering, SOAR engineering, or DevSecOps
- Strong scripting/programming experience (Python required; PowerShell, Go, or Node.js a plus)
- Hands-on experience with SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation)
- API integrations and REST/JSON workflows
- CI/CD tools (GitHub, GitLab, Azure DevOps)
- Deep understanding of SOC processes, alerting workflows, and incident response
- Experience integrating EDR, vulnerability management, identity, and cloud security tools
- Experience with AI-driven automation or LLM-assisted workflow design
- Certifications: GCSA, GCFA, GCIH, or scripting/DevOps certifications
- Experience in hybrid or multi-cloud environments