TalentFish is partnering with an innovative organization investing heavily in the next generation of Security Operations. The Information Security Engineer role focuses on building SOAR playbooks, developing automation, and enhancing incident response capabilities within a collaborative team environment.
Responsibilities:
- Design, develop, and maintain SOAR playbooks to automate alert triage, investigations, and incident response
- Build security automations using Python, APIs, and SOAR platforms
- Create new detections and improve visibility across the SOC
- Support incident response, threat investigations, and SIEM engineering initiatives
- Develop and tune detection logic using Yara-L, CQL, SPL , and other SIEM query languages
- Partner with security engineers to advance AI-driven Security Operations initiatives
- Analyze malware, suspicious activity, and security events to improve response capabilities
- Participate in an on-call rotation approximately one week every 6–8 weeks
Requirements:
- 5+ years of cybersecurity or Security Operations experience
- Hands-on experience building SOAR playbooks from scratch (not just maintaining existing ones)
- Strong Python scripting skills
- Experience with REST APIs and security automation
- Experience developing threat detections and improving SOC visibility
- Strong knowledge of SIEM platforms and query languages such as Yara-L, CQL, SPL, or similar
- Experience with incident response, threat hunting, or SOC engineering
- Builder mindset with a passion for creating new processes and automation
- Excellent communication and collaboration skills
- Experience supporting AI-enabled Security Operations initiatives
- Purple Team or detection engineering experience
- Security certifications such as GIAC, CISSP, or similar
- Experience with PowerShell or Go
- Healthcare industry experience is welcome but not required