Security Orchestration, Automation and Response (SOAR) Engineer
Contract To Hire
"Security Orchestration, Automation and Response (SOAR) Engineer"
with one of our direct clients in
for initial contract duration of
No third party candidates considered for this position. US citizens and all those authorized to work in the US are encouraged to apply.
What You’ll Do:
First, you’ll be able to tell people to cut it out with the puns about SOARing in your career. (We’re sorry about that last joke.) Reporting to the Senior Manager of Threat Detection and Response, here are some of the duties you’ll get to fulfill on the regular:
- Develop and implement SOC and IR systems integrations through automation and orchestration, including APIs, PowerShell, and Python.
- Document SOAR workflows, scripts, and code, and use the established code repository for tracking.
- Join forces with our detection engineering and threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features. You’ll also work with these teams on detection, response processes, and playbooks.
- Develop security-focused content for the SIEM, including creation of complex threat detection logic and operational dashboards.
- Prioritize and coordinate the backlog of SOAR integration and automation requests, making sure we keep a healthy balance between defect resolution and new features.
- Troubleshoot SIEM data collection, notification tuning, and alerting.
- You’ll also respond to cyber threats facing Client networks, systems, and information assets by collecting and analyzing threat intelligence, performing security monitoring activities, and taking appropriate action based on exposure.
What’s In It For You?
Really good question, and we have some good answers that we hope you like.
We want you to feel cared for and respected (like you do with our customers), and that starts with Client’s highly competitive pay and other compensation perks (401k with company matching, comprehensive medical benefits, etc.). We also offer free Internet and other discounted Client services, tuition reimbursement for academic pursuits, adoption assistance, paid time off to volunteer, childcare and eldercare resources, pet insurance, and much more.
Good work should be rewarded, and not just with a healthy paycheck. The Client culture is one that values people more than technology, so it’s our goal to make sure you feel recognized for your contributions. It’s also important to work alongside colleagues who “get you.” At Client, you’ll find a workplace where relationships are crafted with care and successes are celebrated with high fives. We strive to create an environment where you can do you, and everyone from leadership to new hires can support and feel supported.
Growth is a good thing, and you’ll have opportunities to learn and train so you can sharpen your skills and explore opportunities across the Client family of businesses that will continue to challenge and empower you. In the future, you may have the opportunity to cultivate customer relationships in other sectors where we operate like cleantech, health care and new forms of transportation mobility.
Who You Are:
Because this job fills such a specific niche, we’re looking for some unique qualifications. Here are some of the requirements that will assure you’re on track for this opportunity:
- Four or more years of technical experience in the Information Security field, with direct experience with SOAR or other automation solutions.
- Minimum 2 years of hands-on SOC / IR experience.
- Experience with SOAR or other automation solutions (e.g., IT automation, SIEM, case management).
- Strong experience triaging security events using a variety of tools (SIEM / SOAR / XDR) in a security operations environment.
- Scripting and development skills (such as Bash, Perl, Python, or Java) with strong knowledge of regular expressions.
- RESTful API experience.
- Proficiency with common cybersecurity frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and OWASP.
- Strong process execution, time management, and organizational skills.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Experience with Log Management/SIEM tools (e.g., ArcSight, IBM QRadar, Splunk, McAfee/Nitro, ELK, LogRhythm, others).
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- BS in Computer Science, Information Systems, or Engineering.
- Experience with QRadar/JSA, Cortex XSOAR/Demisto, and with endpoint security agents like Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets (Moloch, Wireshark, tcpdump) and analysis techniques, as well as host-based detection and prevention suites like Microsoft Defender or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF).
- SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.