Security Orchestration, Automation and Response (SOAR) Engineer

Spartan Technologies, Inc. - Atlanta, GA

We are searching for a Security Orchestration, Automation and Response (SOAR) Engineer that will join the Security Operations Center (SOC) and respond to cyber threats.

This role requires a US citizen or Green Card holder. The role will be remote to start but will eventually require working from the office in Atlanta, GA on a flexible schedule.

SOAR Engineers are responsible for the development and maintenance of the SOAR platform and are the people who help protect our national critical infrastructure.

Responsibilities

  • Develop and implement SOC and IR system integrations through automation and orchestration, including REST APIs, PowerShell, and Python.
  • Document SOAR workflows, scripts, and code, and use the established code repository for version tracking.
  • Join forces with our detection engineering and threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features. You’ll also work with these teams on detection, response processes, and playbooks.
  • Develop security focused content for SIEM, including creation of complex threat detection logic and operational dashboards.
  • Prioritize and coordinate backlog of SOAR integration and automation requests, making sure we have a healthy balance between defect resolution and new features.
  • Troubleshoot SIEM data collection, notification tuning and alerting.
  • You’ll also respond to cyber threats facing networks, systems, and information assets by collecting and analyzing threat intelligence, performing security monitoring activities, and taking appropriate action based on exposure.

Minimum Qualifications

  • 4+ years of technical experience in the information security field, with direct experience with SOAR or other automation solutions.
  • 2+ years of hands-on SOC / IR experience.
  • Experience with SOAR or other automation solutions (e.g., IT automation, SIEM, case management).
  • Strong experience triaging security events using a variety of tools (SIEM / SOAR / XDR) in a security operations environment.
  • Scripting and development skills (such as Bash, Perl, Python, or Java) with strong knowledge of regular expressions.
  • RESTful API experience.
  • Proficiency with common cybersecurity frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and OWASP.
  • Strong process execution, time management and organizational skills.
  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • Experience with log management/SIEM tools (e.g., ArcSight, IBM QRadar, Splunk, McAfee Nitro, ELK, LogRhythm, others).
  • Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

Preferred Qualifications

  • BS in Computer Science, Information Systems, Engineering.
  • Experience with QRadar/JSA, Cortex XSOAR (Demisto), and with endpoint security agents like Carbon Black or CrowdStrike.
  • Experience with network forensics and associated toolsets (Moloch, Wireshark, tcpdump) and analysis techniques, as well as host-based detection and prevention suites like Microsoft Defender or OSSEC.
  • Experience navigating and working in hybrid cloud environments.
  • Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF).
  • SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.

Posted On: Wednesday, September 15, 2021