Security Orchestration, Automation and Response (SOAR) Engineer
Spartan Technologies, Inc.
- Atlanta, GA
We are searching for a Security Orchestration, Automation and Response (SOAR) Engineer that will join the Security Operations Center (SOC) and respond to cyber threats.
This role requires a US Citizen or Green Card Holder. It will be remote to start but will eventually require going into the office in Atlanta, GA on a flexible schedule.
The SOAR Engineers are responsible for the development and maintenance of the platform and are the folks who help protect our national critical infrastructure.
- Develop and implement SOC and IR systems integrations through automation and orchestration including API, PowerShell, and Python.
- Document SOAR workflows, scripts, and code and use established code repository for tracking.
- Join forces with our detection engineering and threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features. You’ll also work with these teams on detection, response processes, and playbooks.
- Develop security focused content for SIEM, including creation of complex threat detection logic and operational dashboards.
- Prioritize and coordinate backlog of SOAR integration and automation requests, making sure we have a healthy balance between defect resolution and new features.
- Troubleshoot SIEM data collection, notification tuning and alerting.
- You’ll also respond to cyber threats facing networks, systems, and information assets by collecting and analyzing threat intelligence, performing security monitoring activities, and taking appropriate action based on exposure.
- Minimum 4+ years of technical experience in the Information Security field with direct experience with SOAR or other automation solutions.
- Minimum 2+ years of hands on SOC / IR experience.
- Experience with SOAR or other automation solutions (e.g., IT automation, SIEM, case management).
- Strong experience triaging security events using a variety of tools (SIEM / SOAR / XDR) in a security operations environment.
- Scripting and development skills (such as Bash, Perl, Python, or Java) with strong knowledge of regular expressions.
- RESTful API experience.
- Proficiency with common cybersecurity frameworks such as MITRE ATT&CK, Kill Chain, OWASP.
- Strong process execution, time management and organizational skills.
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Experience with Log Management/SIEM tools (e.g., ArcSight, IBM QRadar, Splunk, McAfee/Nitro, ELK, LogRhythm, others).
- Deep knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- BS in Computer Science, Information Systems, Engineering.
- Experience with QRadar/JSA, Cortex XSOAR/Demisto, and with endpoint security agents like Carbon Black or CrowdStrike.
- Experience with network forensics and associated toolsets (Moloch, Wireshark, tcpdump), analysis techniques, as well as host-based detection and prevention suites like Microsoft Defender or OSSEC.
- Experience navigating and working in hybrid cloud environments.
- Understanding of log collection and aggregation techniques, Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF).
- SANS certifications: GCIH, GCFE, GCFA, GREM, GPEN, GWAPT, GXPN.
Wednesday, September 15, 2021