Primary Skills: Splunk Phantom / Palo Alto Networks Cortex XSOAR / Swimlane / IBM Resilient, Ansible, SIEM tools
Secondary Skills: QRadar, LogRhythm, Sumo Logic, or Elastic Stack
Deploy, configure, and manage Security Orchestration, Automation, and Response (SOAR) platforms such as Splunk Phantom, IBM Resilient, Palo Alto XSOAR, or ServiceNow SecOps.
Develop playbooks and automation scripts to streamline security incident response and reduce response time.
Integrate SOAR platforms with SIEM, EDR, threat intelligence, and other security tools to enhance automation capabilities.
Analyze security alerts, incidents, and logs to create automated workflows and improve incident triage.
Work closely with SOC teams to understand use cases and implement automation strategies for improved efficiency.
Assist in fine-tuning SOAR workflows, troubleshooting automation failures, and ensuring operational effectiveness.
Automate security operations processes using Python, Bash, or PowerShell.
Ensure compliance with security policies and standards such as NIST, ISO 27001, and SOC 2.
2+ years of hands-on experience with SOAR platforms and security automation.
3+ years of experience in cybersecurity operations, incident response, or threat intelligence.
Strong understanding of security event correlation, playbook development, and incident response workflows.
Knowledge of API integrations, RESTful services, and scripting for automation.
Familiarity with cloud security automation in AWS, Azure, or Google Cloud.
Relevant certifications such as Splunk SOAR Certified Automation Developer, Palo Alto XSOAR Certified Engineer, or GIAC Security Automation Engineer (GSAE) are preferred.
Strong problem-solving skills, attention to detail, and ability to work in a fast-paced security environment.
Flexible to work on 24/7 rotational shifts.
Skills:
- Security Infrastr Service Ctr
- Unix
- Wintel/Windows Server