5-8 years
Mumbai, Gurgaon / Gurugram
Software Engineer - SOAR Platform (5-8 yrs)
Align Knowledge Centre
posted 1mon ago
Key Responsibilities :
1. Cortex SOAR Implementation and Management :
- Deploy, configure, and maintain Cortex SOAR platform within the MSSP SOC environment to support client security operations.
- Integrate the SOAR platform with other security tools (SIEM, EDR, threat intelligence platforms, firewalls) to enable automated incident response.
- Ensure Cortex SOAR is properly connected to client environments, including ingestion of logs, alerts, and telemetry data from various sources.
2. Playbook Development and Automation :
- Develop and optimize automated playbooks and workflows to handle common security incidents (e.g., phishing, malware detection, alert triage, log analysis).
- Work closely with SOC analysts to identify repetitive tasks and manual processes that can be automated using SOAR.
- Design custom playbooks tailored to client-specific security needs and response requirements.
- Continuously improve and tune playbooks based on feedback from SOC analysts and changes in the threat landscape.
3. Security Tool Integration :
- Collaborate with security engineering and DevOps teams to integrate a wide range of security tools into Cortex SOAR, including SIEMs (e.g., Splunk, QRadar), firewalls, intrusion detection systems (IDS/IPS), EDR solutions, and threat intelligence platforms.
- Ensure seamless data flow between Cortex SOAR and other tools to automate response actions (e.g., quarantining hosts, blocking IPs, updating firewall rules).
- Test and validate integrations to ensure they are functioning correctly and that automation workflows are effective.
4. Incident Response Automation :
- Work closely with incident response teams to automate the investigation, triage, and remediation of security incidents.
- Implement real-time automated responses (e.g., isolating compromised devices, disabling accounts) based on pre-defined incident types and severity levels.
- Ensure Cortex SOAR is configured to provide alerts, reports, and updates on incident status, response actions, and resolution times.
- Monitor the effectiveness of automated responses and adjust playbooks and workflows as needed to improve incident response quality.
5. Workflow Optimization and Customization :
- Analyze existing SOC workflows and identify opportunities to enhance efficiency through automation.
- Customize and create new playbooks to address evolving threats, new attack techniques, and changes in client environments.
- Work with clients and SOC teams to implement custom use cases and integrations specific to individual client security requirements.
6. Monitoring and Reporting :
- Monitor the performance of Cortex SOAR playbooks and workflows to ensure they are executing correctly and improving SOC efficiency.
- Generate reports and dashboards on automated incident handling metrics (e.g., time saved, incidents resolved via automation).
- Provide regular updates to SOC management on the effectiveness of automation efforts and recommend improvements.
- Ensure detailed logging and reporting of all automated actions taken by the SOAR platform to meet compliance and audit requirements.
7. Collaboration with SOC Teams :
- Collaborate with SOC analysts, threat intelligence, and incident response teams to refine and develop automation strategies.
- Provide training to SOC analysts and incident responders on how to leverage Cortex SOAR effectively in day-to-day operations.
- Act as the technical point of contact for troubleshooting issues related to Cortex SOAR integrations, playbooks, and platform performance.
8. Platform Maintenance and Upgrades :
- Ensure that Cortex SOAR is regularly updated with the latest software versions, patches, and features.
- Perform regular health checks and maintenance of the platform, ensuring it remains fully functional and responsive.
- Collaborate with vendor support to troubleshoot issues and apply best practices for SOAR performance.
9. Compliance and Security :
- Ensure that SOAR processes and automations align with industry regulations and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).
- Work closely with the compliance team to ensure that automated workflows meet the necessary audit and documentation standards.
- Implement security controls and access management within the SOAR platform to prevent unauthorized use and ensure data privacy.
Desired qualifications :
- Education : Bachelor's degree in Information Security, Computer Science, or a related field.
- Experience :
- 4+ years of experience in cybersecurity, with at least 2 years working with SOAR platforms, preferably Palo Alto Cortex SOAR.
- Strong background in SOC operations, incident response, or security engineering.
Functional Areas: Software/Testing/Networking