
SOAR Platform Engineering & Administration: Configure, deploy, and maintain SOAR platforms to ensure stability, availability, and performance.
Playbook Development & Automation: Design and implement automated workflows for alert triage, threat enrichment, containment, notifications, and incident response.
Tool Integration & API Development: Build and maintain integrations between SOAR and SIEM, EDR (e.g., CrowdStrike), IAM, ticketing systems, threat intelligence, and cloud security tools.
Scripting & Custom Automation: Develop custom connectors and automation scripts using Python and PowerShell; maintain reusable code libraries.
Collaboration: Work closely with SOC analysts, detection engineers, and incident responders to automate manual processes and continuously refine playbooks.
Monitoring & Reporting: Establish dashboards to track automation success rates, error rates, and efficiency gains; proactively resolve failures and bottlenecks.
Documentation: Create and maintain SOPs, runbooks, integration diagrams, and playbook specifications for long-term sustainment.
5+ years of experience in cybersecurity engineering or security operations with hands-on SOAR expertise.
Subject matter expertise in one or more SOAR platforms (e.g., Palo Alto Cortex XSOAR, Splunk SOAR (formerly Phantom), Swimlane, Tines, Google Chronicle SOAR (formerly Siemplify), CrowdStrike Falcon Fusion).
Strong proficiency in Python and PowerShell for automation and API-driven workflows.
Experience integrating security tools via RESTful APIs (SIEM, EDR, IAM, ticketing, threat intel, cloud security).
Solid understanding of SOC workflows (alert triage, incident response, escalation).
Familiarity with SIEM ecosystems and detection-to-response pipelines.
Excellent communication and collaboration skills to partner across technical and leadership teams.