We are seeking a SOAR Security Engineer – SOC Automation Specialist who blends SOC Analyst expertise with SOAR development to bridge the gap between incident response and security automation. This role requires hands-on experience investigating security alerts and incidents while documenting and automating workflows in real time to improve SOC operations.

The ideal candidate will work closely with SOC Analysts, Security Engineers, and SOAR Developers to identify repeatable processes, develop automation playbooks, and enhance security response efficiency.

Key Responsibilities:

  • Monitor, analyze, and respond to security alerts and incidents as a Level 3 SOC Analyst.
  • Develop and implement automation playbooks using SOAR platforms (e.g., Splunk SOAR, Cortex XSOAR, Swimlane, IBM Resilient).
  • Identify repetitive SOC workflows and convert them into automated processes using Python and APIs.
  • Document security investigations, triage workflows, and response steps to facilitate automation development.
  • Work closely with SOC analysts and SOAR developers to optimize alert handling, containment, and remediation processes.
  • Test, troubleshoot, and refine automation playbooks to improve effectiveness and reduce false positives.
  • Collaborate with security engineers to refine detection rules, enhance alerting logic, and improve security visibility.
  • Stay up to date on emerging cyber threats, attack techniques, and security automation best practices.

Must-Have Qualifications:

  • 5+ years of experience as a Level 3 SOC Analyst, with deep experience in triage and incident response.
  • Hands-on experience with SOAR platforms, such as Splunk SOAR, Cortex XSOAR, Swimlane, or IBM Resilient.
  • Proficiency in Python or scripting languages for security automation and API integrations.
  • Strong knowledge of SIEM (Splunk, QRadar, Microsoft Sentinel), EDR (CrowdStrike, Defender, Cortex XDR), and log analysis.
  • Experience with security frameworks like MITRE ATT&CK, CIS, NIST, and ISO 27001.
  • Ability to identify automation opportunities within SOC processes and work with developers to implement playbooks.
  • Strong analytical skills for malware analysis, phishing investigations, and advanced threat detection.
  • Familiarity with cloud security monitoring (AWS, Azure, or GCP) and security tool integrations.

Preferred Qualifications:

  • Experience with REST APIs and integrating security tools within a SOAR platform.
  • Familiarity with Infrastructure-as-Code (IaC) for security automation.
  • Previous experience working in MSSP/MDR environments or large-scale enterprise SOCs.
  • Certifications such as GIAC GCFA, GCIA, GCIH, CISSP, or equivalent.