Cybersecurity SOAR Playbook Engine Developer – 6 Month Internship

Swissquote

Job Location:

Nyon - Switzerland

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Join our Security Operations Center (SOC) Team a team of four engineers within the Cybersecurity Department. You will work in a dynamic environment gaining key skills in security automation and incident response while becoming familiar with the banking and finance threat landscape.

Under the supervision of the Security Operation Manager you will take part in the following projects:

Playbook Engine Development: Building and enhancing the core SOAR playbook execution engine using Python 3.9. Implementing YAML parser workflow executor conditional logic evaluator and decision tree engine.
Playbook Creation: Designing YAML-based SOAR playbooks for automated incident response. Creating workflows for phishing detection malware analysis ransomware response threat intelligence enrichment and IOC blocking.
Custom Utility Development: Developing Python utility functions and helpers to extend playbook capabilities. Building data transformation logic and security analysis functions. Execution Framework: Implementing error handling logging monitoring performance optimization parallel execution and async operations.
Testing & Quality Assurance: Writing unit tests and creating regression test suites. Testing playbooks with realistic security scenarios and validating end-to-end automation flows. Implementing and enforcing coding standards through linting tools.
Collaboration: Working closely with the Integration Intern to understand available connectors and ensure playbooks effectively utilize all integrations.

Qualifications :

Good proficiency in Python
Good knowledge of YAML syntax and workflow definition
Basic understanding of cybersecurity fundamentals and incident response
Interest in security operations and SOC processes
Familiarity with threat landscapes and security concepts
Basic experience writing tests or willingness to learn
Experience with version control (Git)

Nice-to-Have Skills

Experience with SOAR platforms (Splunk SOAR Cortex XSOAR etc.)
Familiarity with security tools (Splunk QRadar Chronicle CrowdStrike)
Experience with linting tools
Knowledge of workflow engines or orchestration systems

Additional Information :

Availability: from July 1st 2026

SQ2

Remote Work :

Employment Type :

Full-time

Under the supervision of the Security Operation Manager you will take part in the following projects:

Playbook Engine Development: Building and enhancing the core SOAR playbook execution engine using Python 3.9. Implementing YAML parser workflow executor conditional logic evaluator and decision tree engine.
Playbook Creation: Designing YAML-based SOAR playbooks for automated incident response. Creating workflows for phishing detection malware analysis ransomware response threat intelligence enrichment and IOC blocking.
Custom Utility Development: Developing Python utility functions and helpers to extend playbook capabilities. Building data transformation logic and security analysis functions. Execution Framework: Implementing error handling logging monitoring performance optimization parallel execution and async operations.
Testing & Quality Assurance: Writing unit tests and creating regression test suites. Testing playbooks with realistic security scenarios and validating end-to-end automation flows. Implementing and enforcing coding standards through linting tools.
Collaboration: Working closely with the Integration Intern to understand available connectors and ensure playbooks effectively utilize all integrations.

Qualifications :

Good proficiency in Python
Good knowledge of YAML syntax and workflow definition
Basic understanding of cybersecurity fundamentals and incident response
Interest in security operations and SOC processes
Familiarity with threat landscapes and security concepts
Basic experience writing tests or willingness to learn
Experience with version control (Git)

Nice-to-Have Skills

Experience with SOAR platforms (Splunk SOAR Cortex XSOAR etc.)
Familiarity with security tools (Splunk QRadar Chronicle CrowdStrike)
Experience with linting tools
Knowledge of workflow engines or orchestration systems

Additional Information :

Availability: from July 1st 2026

SQ2

Remote Work :

Employment Type :

Full-time

Key Skills

Apply Now

About Company

Swissquote

As a leading provider of online financial services, Swissquote Group offers innovative solutions and comprehensive services to meet the wide-ranging demands of its global clients.With an Online Trading Platform linked to more than 60 stock markets in over 40 countries, including off-e ... View more

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click