SOAR Engineer (Intermediate)
The ideal SOAR Engineer will work in a cross-functional capacity to identify, propose, design, develop, implement, integrate, and maintain security. The SOAR Engineer must be a cybersecurity and technical expert with the ability to clearly identify, capture, articulate, design, implement, and maintain security operations use cases, including developing integration code to provide interoperability between disparate IT and security solutions and infrastructure components. The SOAR Engineer must have a solid background in cybersecurity technologies, including deploying enterprise platforms, conducting demonstrations, creating product documentation, training security analysts, and sustaining enterprise technology services. Additionally, the engineer must have a solid understanding of security operations, incident response, threat management, and enterprise IT and security engineering.
Roles & Responsibilities
- The SOAR Engineer must be a cybersecurity and technical expert with the ability to clearly identify, capture, articulate, design, implement, and maintain security operations use cases, including developing integration code to provide interoperability between disparate IT and security solutions and infrastructure components.
- The SOAR Engineer must have a solid background in cybersecurity technologies, including deploying enterprise platforms, conducting demonstrations, creating product documentation, training security analysts, and sustaining enterprise technology services.
- The engineer must understand security operations, incident response, threat management, and enterprise IT and security engineering.
- The SOAR Engineer provides expert support for the analysis, development, and integration of the Swimlane SOAR Platform and provides technical expertise to operational users.
- Works on complex technical problems and provides innovative solutions. Develops advanced technological ideas and guides their development into a final product.
- Automate Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system
- Develop and maintain custom Swimlane applications for IR workflow (e.g. create custom application to automate intelligence gathering)
- Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
- Organization of requirements into user stories that are Independent, Negotiable, Valuable, Estimable, Small and Testable
- Integrate SOAR platform with other security tools and APIs to execute automated workflows
- Author, test, and maintain automation scripts/workflows within SOAR platform
- Design, implement, and maintain efficient and reusable Python code
- Review, debug, and resolve technical issues throughout all stages of SDLC
- Coordinate with System Administrators, Engineers, and ISSOs to provision service accounts and/or grant required permissions
- Measure effectiveness of process improvement and automation efforts via metrics and KPIs
Qualifications and Education Requirements
- Bachelor’s degree in Computer Science, Engineering, or related field.
- Expert proficiency in Python scripting
- Working knowledge of REST APIs, JSON, HTML/CSS, JavaScript, XML
- Experience deploying in high availability environments using Kubernetes
- Experience managing and maintaining MongoDB
- General networking knowledge to include operation of routers, firewalls, DNS, DHCP, subnetting, VPNs and Web Proxies
- IAT II Certification (Sec+, CCNA Sec, CYSA+, GSEC, SSCP, etc.)
- Active Secret clearance
- Must be a US Citizen or have permanent residency status.
- We seek out emerging technologies
- Align ourselves with progressive technology partners
- Provide our employees with challenging opportunities to unite the two.
- Comprehensive Medical Insurance
- Comprehensive Dental Insurance
- 401K Plan
- Tuition Reimbursement Plan
- Referral Bonus Program