SOAR Specialist
SOAR Specialist
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Profile Summary:
As a Level 3 SOAR Specialist as part of the Cyber Defense Operations Center (CDOC) you will lead advanced security operations with a focus on SIEM and SOAR technologies driving detection engineering automated response and complex incident handling. Youll be responsible for optimizing detection rules developing playbooks and managing high-severity incidents from triage to parallel youll mentor Level 1 and 2 analysts preparing to lead your own team in the future. While EDR remains part of the security stack your primary emphasis is on engineering activities around SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise leadership potential and a proactive approach to evolving threats.
Job Description :-
Manage and maintain NG SIEM solutions like Google Chronicle Crowdstrike and support in leveraging SOAR capabilities by designing and implementing SOAR playbooks including necessary integration and automation.
Support on boarding and maintenance of a wide variety of data sources to include various OS appliance and application logs. Create Custom queries custom dashboards and visualizations.
Develop and fine tune content for the different tools including but not limited to SIEM Use Cases SOAR playbooks Threat intelligence watchlist and rules.
Select and recommend additional security solutions or enhance existing security solutions to improve overall METRO detection and response capabilities as per the METRO cyber security strategy.
Develop appropriate use cases/playbooks/models/reports and alerts & develop custom parsers/connectors for integrating logs wherever necessary or required.
Perform analysis on the reported incidents determine the root cause and recommend the appropriate solution.
Use and apply learnings from incident and provide recommendation for standardizing the NG SIEM Solution.
Reduction of False Positives by fine tuning existing correlation rules/configuration/playbooks/models
Automation with continuous improvements Reduction in MTTR MTTD and Improvement of overall posture of NG SIEM deployment to achieve best ROI.
Ensure the confidentiality integrity and availability of the data residing on or transmitted to/from/through SOC controls.
Generate reports and documentation related to platform performance and continuous improvement recommendations for management and stakeholders.
Ensure the SIEM integration is intact among the SOC solutions and with other assets
Design create and customize the dashboards/reports as per the business needs.
Create and manage NG SIEM knowledge objects to include apps dashboards saved and scheduled searches and alerts.
Qualifications :
Exp and Qualification:
Bachelors degree in Computer Science Information Technology Cybersecurity or a related field. A Masters degree or relevant certifications (e.g. CISSP CISM SANS/GIAC ECIH GCIH CEH DFIR) may be preferred.
7-11 years of total experience in SOC in a large multi-national organization or in a known addition to minimum 8 years of SOC Engineering experience candidate should posses at least 2 years of experience on Incident Response capabilities.
Technical & Soft Skills:
In-depth knowledge and hands-on experience with SOC technologies and tools such as Google Chronicle SIEM CrowdStrike EDR/EPP Vectra NDR Recorded Future TI etc.
Strong knowledge and skills in scripting and development of automation and orchestration code.
Strong hands-on experience with various operating systems networking protocols and application architectures.
In-depth Knowledge of industry standards and frameworks such as MITRE ATT&CK Magma Framework NIST CSF ISO 27001 etc.
Proficiency in scripting languages (e.g. Python PowerShell) for automation and analysis.
Familiarity security operations center (SOC) operations incident response threat detection and vulnerability management.
Analytical and problem-solving skills to identify and troubleshoot SOC platform technical issues.
Ability to adapt to changing security threats and evolving business requirements.
Strong organizational and time management skills with the ability to coordinate and prioritize multiple tasks simultaneously.
Ability to work under pressure especially during critical security incidents.
Ability to conduct independent research and analysis identifying issues formulating options and making conclusions and recommendations.
Skilled in developing professional documentation and detailed reporting (including PowerPoint presentations) including policies standards processes and procedures
Very high attention to detail with strong skills in managing/presenting data and information.
Demonstrable conceptual analytical and innovative problem-solving and evaluative skills.
Excellent communication and interpersonal skills to effectively collaborate with stakeholders and internal teams.
Remote Work :
No
Employment Type :
Full-time
Employment Type
Full-time
