SOC Automation Engineer (Remote)

France - Onsite

Description

Role
  • Be part of the organization's SOAR DevOps team, which manages and architects SOAR solutions for our customers.
  • Work on the most advanced SOAR platform, covering more use cases and more automations, creating integrations to 3rd-party products, and expanding the threat intelligence capabilities of XSOAR.
  • This organisation's customers are counting on you to perform this work and train their staff. While experience on the Cortex XSOAR platform is desired, even more important is having a solid foundation in security operations and capabilities.


Responsibilities
  • Assist customers with their Incident Response efforts leveraging Palo Alto Networks Cortex XSOAR / Demisto or equivalent SOAR Product for Security Orchestration Automation and Response.
  • Learn & understand the customer's business requirements and the threat landscape that is most applicable to their industry's vertical sector.
  • Ability to refine and translate complex requirements and execute best-practice solutions.
  • Ability to create Playbooks and Use Cases for SOC/SOAR investigation and integrate them into Cortex XSOAR solutions.
  • Be a security expert for further enhancement of the security posture provided to the customer and deliver support when appropriate.
  • Lead SOAR technical implementation/operations in a customer environment.
  • Interact with Security and IT technologies relating to customer environment.
  • Ability to communicate effectively in crisis situations with all levels of an organization from Engineering/Operations to CIO/CISO audiences.
  • Ability to relay highly technical concepts to a non-technical audience.
  • Ensure client needs are met and deliverables produced on time according to specified project deliverables and scope.


Experience
  • Proven automation abilities (preferably with Python).
  • Experience in leading a SOC/SOAR environment and mentoring SOC/SOAR Analysts.
  • Experience implementing a SOAR platform in large enterprise networks within a customer's SOC/SOAR, with innovative technical solutions and runbooks.
  • Strong knowledge of Use Cases, Workflows, Threat Hunting and DFIR, and experience automating them in a SOC/SOAR environment.
  • Ability to provide complex solutions in customer environments and execute/document said solutions by self or as a team leader.
  • Knowledgeable on security technologies (firewalls, endpoint prevention, SIEM, vulnerability management tools) from both a business-driver and a technical standpoint.
  • Experience with security incident response or SOC operational processes, manual and automated, is a plus.
  • Coding experience - ability to develop and maintain scripts in Python and/or JavaScript.
  • Able to troubleshoot and be a problem solver with analytical proficiency in Linux.
  • Communication by API (REST required, GraphQL is a plus).
  • Good knowledge of Git and monitoring of projects in GitLab.
  • CI/CD methodologies.
  • Desirable: Docker, Ansible, Terraform. Previous experience with Python, Splunk, QRadar, ArcSight, Siemplify, ServiceNow, Phantom, Demisto, IBM Resilient.


If you feel this is the right opportunity for you, then please apply or reach out directly with a CV -
Start date
05/2021
Duration
6 Months
From
Source Technology
Published at
15.05.2021
Project ID:
2112642
Contract type
Freelance