
Job Title


SOAR Engineer


Company : Tata Consultancy Services


Location : Bengaluru, Karnataka


Created : 2025-03-22


Job Type : Full Time


Job Description

Role : SOAR Engineer
Experience : 5+ years
Location : Bangalore

Description:

5+ years of experience in handling SOAR platforms – Swimlane, Cortex XSOAR, Splunk SOAR, Azure Logic Apps, etc.
Hands-on experience in SOAR implementation.
Key member of the Security automation team responsible for driving overall security automation strategy, defining and providing input for product roadmaps, and managing the development and day-to-day operations of orchestration products and solutions.
Design and implement new features, technologies and solutions which help reduce mean-time-to-resolution of security events, threats and/or incidents.
Develop playbooks for automation use cases on SOAR platforms.
Understand the security processes and develop playbooks for automation of processes.
Create dashboards and case management in SOAR platforms.
Develop custom Python packages to normalize disparate data sources to help our SOC make informed, data-driven decisions.
Lead the design and development of automated frameworks for Security Tools by leveraging a mix of scripting languages, open-source tools or COTS products.
Act as the point of contact for assigned projects.
Serve as an interface to our Security Operations Center (SOC) for key Incident Response and Threat Intelligence use case automation development initiatives, designing solutions that convert analyst use cases into automation pipelines using COTS and/or open-source products. Additionally, enhance automation pipelines by developing custom response actions / workflows to enhance automated responses.
Act as the connection point between the SOC/Threat/IR and Orchestration & Automation team to solve complex problems.
Determine operational feasibility by evaluating problem scope/definition and requirements, and provide proposed solutions.
Play a critical role in automating specific SOC roles/functions out of existence.
Develop, test, and implement out-of-the-box approaches to identify malicious and suspicious behavior in logs, network traffic or other network forensic related data sets.
Responsible for identifying integration opportunities between the various tools to help create a unified and streamlined ecosystem.
Create, enhance and continuously update documentation and knowledge base (user guides, quick starts, documentation, blog posts, demos).
Prepare and/or present briefings on orchestration-related solutions and recommendations tailored to varying levels of technical expertise.

Must Have :

Proficiency in Python scripting.
Working knowledge of REST APIs, JSON, HTML/CSS, JavaScript, XML, Terraform and/or YAML.
Experience working with automation solutions such as Cortex SOAR, Phantom, etc.
Solid background in cybersecurity technologies; understanding of security operations, incident response, threat management, and enterprise IT and security engineering.
Experience with JSON, PowerShell, MS SQL and VB scripts.
Experience in AWS (IAM, Config, CloudTrail, CloudWatch, GuardDuty, WAF, S3, Lambda, RDS, and more).
Demonstrated ability to perform and document manual and automated security testing.
Understanding of cloud and networking, web-based content delivery platforms and filesystem operation, architecture, patching and security.
Experience in application security and security testing technologies and techniques.
Experience in deploying cloud-native and third-party technologies to secure cloud platforms and workloads in AWS and/or Azure.