Cyber Security SOAR Specialist
Description:
Job Responsibilities:
Cyber Security SOAR Specialist having experience with the following:
Utilize strong scripting skills in Python to automate security tasks and processes.
Design and execute API requests using Python to integrate various security tools and platforms
scripting experience in (PowerShell, Bash).
Apply knowledge of Security Orchestration, Automation, and Response (SOAR) concepts to enhance security operations
Work with SOAR platforms such as Cortex XSOAR and IBM Resilient to streamline incident response and management
Collaborate with cross-functional teams to identify and mitigate security threats
Conduct regular security assessments and audits to ensure compliance with industry standards
Provide technical guidance and support for security-related projects and initiatives
Stay updated on the latest cybersecurity trends, threats, and best practices
Participate in incident response activities and contribute to post-incident analysis and reporting
Create and maintain detailed documentation of security processes, configurations, and integrations.
Assist in the development and implementation of security policies, procedures, and protocols
secure a system or device so it can't be tampered with.
use a range of forensic tools and software to extract and analyze data.
deal with highly sensitive or confidential data or images, depending on the type of case youre investigating.
recover damaged, deleted or access hidden, protected or encrypted files.
collect information and evidence in a legally admissible way.
write technical reports based on your findings and, if required, give evidence in court as an expert witness.
SOAR experience including playbook design and integrations.
Strength in designing custom playbooks and the experience to act as a consultant for clients when designing the workflows.
Understand customer requirements for SOC service and able to position the offering.
Prepare proposals and respond to RFP for SOAR & SOC services.
Ability to work independently with little or no supervision and result oriented.
Able to execute instructions and to request clarification when needed.
Able to exhibit ability to be sensitive to the needs, concerns, and feeling of others.
Able to interact effectively with all levels of management.
Strong application and infrastructure knowledge; e.g. Tomcat, PostgreSQL, SAML, IMAP, LDAP, Active Directory, SSO.
Development Environment knowledge in Linux, bash shell programming, git, Gradle, virtual machines, Docker and Podman.
Working knowledge of Networking concepts (firewalls, DNS, IP addressing, SSL/TLS and certificates).
Qualifications:
Bachelors Degree in Computer Science, Cyber Security, Information Systems or Business Administration.
Excellent written, verbal communication skills, ability to effectively coordinate multiple priorities in a dynamic environment, strong analytical and negotiating skills & excellent organization and interpersonal skills required
Proficiency in Python programming language
Strong knowledge of API requests and integrations using Python
Familiarity with SOAR concepts and platforms, specifically Cortex XSOAR and IBM Resilient
Experience in automating security workflows and processes
Knowledgeable in Windows Domain, network and multi-tier application architectures
Security software countermeasures
Persuasive with details and facts
Ability to work both independently as well as part of a geographically dispersed integrated team
Ability to balance multiple priorities in a fast-paced, highly collaborative, frequently changing, and sometimes ambiguous environment
Knowledge of how to use network management tools and packet captures to resolve operational issues
Familiarity with industry standard network management tools and common application traffic flow patterns in multi-tiered applications
Expert knowledge in the following technologies:
Microsoft Active Directory Services
TCP/IP Based Networking Principles
Microsoft / Linux Operating Systems
Firewalls and Perimeter Security
Proxies and Load Balancers
Intrusion Detection and Prevention Systems (IDS/IPS)