Cyber Security SOAR Specialist

Job Responsibilities:

Cyber Security SOAR Specialist having experience with the following:

• Utilize strong scripting skills in Python to automate security tasks and processes.

• Design and execute API requests using Python to integrate various security tools and platforms

• scripting experience in (PowerShell, Bash).

• Apply knowledge of Security Orchestration, Automation, and Response (SOAR) concepts to enhance security operations

• Work with SOAR platforms such as Cortex XSOAR and IBM Resilient to streamline incident response and management

• Collaborate with cross-functional teams to identify and mitigate security threats

• Conduct regular security assessments and audits to ensure compliance with industry standards

• Provide technical guidance and support for security-related projects and initiatives

• Stay updated on the latest cybersecurity trends, threats, and best practices

• Participate in incident response activities and contribute to post-incident analysis and reporting

• Create and maintain detailed documentation of security processes, configurations, and integrations.

• Assist in the development and implementation of security policies, procedures, and protocols

• secure a system or device so it can't be tampered with.

• use a range of forensic tools and software to extract and analyze data.

• deal with highly sensitive or confidential data or images, depending on the type of case youre investigating.

• recover damaged, deleted or access hidden, protected or encrypted files.

• collect information and evidence in a legally admissible way.

• write technical reports based on your findings and, if required, give evidence in court as an expert witness.

• SOAR experience including playbook design and integrations.

• Strength in designing custom playbooks and the experience to act as a consultant for clients when designing the workflows.

• Understand customer requirements for SOC service and able to position the offering.

• Prepare proposals and respond to RFP for SOAR & SOC services.

• Ability to work independently with little or no supervision and result oriented.

• Able to execute instructions and to request clarification when needed.

• Able to exhibit ability to be sensitive to the needs, concerns, and feeling of others.

• Able to interact effectively with all levels of management.

• Strong application and infrastructure knowledge; e.g. Tomcat, PostgreSQL, SAML, IMAP, LDAP, Active Directory, SSO.

• Development Environment knowledge in Linux, bash shell programming, git, Gradle, virtual machines, Docker and Podman.

• Working knowledge of Networking concepts (firewalls, DNS, IP addressing, SSL/TLS and certificates).
• Qualifications:
  
  
  • Bachelors Degree in Computer Science, Cyber Security, Information Systems or Business Administration.
  • Excellent written, verbal communication skills, ability to effectively coordinate multiple priorities in a dynamic environment, strong analytical and negotiating skills & excellent organization and interpersonal skills required
  • Proficiency in Python programming language
  • Strong knowledge of API requests and integrations using Python
  • Familiarity with SOAR concepts and platforms, specifically Cortex XSOAR and IBM Resilient
  • Experience in automating security workflows and processes
  • Knowledgeable in Windows Domain, network and multi-tier application architectures
  • Security software countermeasures
  • Persuasive with details and facts
  • Ability to work both independently as well as part of a geographically dispersed integrated team
  • Ability to balance multiple priorities in a fast-paced, highly collaborative, frequently changing, and sometimes ambiguous environment
  • Knowledge of how to use network management tools and packet captures to resolve operational issues
  • Familiarity with industry standard network management tools and common application traffic flow patterns in multi-tiered applications
  • Expert knowledge in the following technologies:
  • Microsoft Active Directory Services
  • TCP/IP Based Networking Principles
  • Microsoft / Linux Operating Systems
  • Firewalls and Perimeter Security
  • Proxies and Load Balancers
  • Intrusion Detection and Prevention Systems (IDS/IPS)