    SOAR Engineer
    Security
    Fujitsu
    Łódź
    Type of work: Full-time
    Experience: Mid
    Employment Type: Permanent
    Operating mode: Remote

    Tech stack

    • C# (regular)
    • SOAR (regular)
    • Python (regular)
    • Gitlab/Github (junior)
    • RESTful APIs (junior)

    Job description

    Online interview

    Location: Offices are in Lodz & Katowice, but work can be done 99% remotely


    As SOAR Engineer, you will be responsible for:

    • Developing threat detection content.
    • Engineering automation workflows to enrich events prior to analyst response.
    • Engineering automation workflows to automate common analyst response actions.
    • Responding to and solving issues that negatively impact the SOAR workflow.
    • Collaborating with CSOC analysts on tuning or developing new automation.
    • Working with leadership on work prioritization and backlog refinement.
    • Identifying requirements for partner and provider APIs for better interconnectivity.
    • Presenting technical information in non-technical terms to peers and management.
    • Analyzing, debugging, reporting issues and enhancements.
    • Defining, prioritizing, and driving standardized incident response activities.
    • Improving the efficiency of Security Operations through automation.
    • Creating automated playbooks.
    • Reducing MTTD and MTTR through orchestration and automation of security alerts.
    • Building a complex platform powered by cyber fusion technology to improve information sharing.
    • Searching for improvements to build better efficiency and a hassle-free environment.


    Requirements:

    • 2+ years hands-on experience with SOAR
    • Hands-on experience working with RESTful APIs for service integration.
    • Experience using GitLab or GitHub as part of the CI/CD process.
    • Experience working with analytics engines like Apache Spark.
    • Proficiency in working with Python, C# and/or PowerShell.
    • Experience in architecting, managing deployment, and operationalization of SOAR in client environments
    • Experience in working with various technical departments to enhance orchestration and automation of threat detections for deployed SIEM solutions
    • Solid technical knowledge of Linux and Windows
    • Excellent root cause analysis skills
    • Hands-on experience working with WebMethods


    Additionally, a great asset will be:

    • Previous experience with Splunk, Elasticsearch, QRadar, or other SIEM tools
    • Security-related certificates, such as CompTIA Security+, CySA+, etc.
    • Vendor certificates such as AZ-104, SC-200, AZ-500, MS-500, AWS Practitioner, etc.
    • Other certificates which prove knowledge in the field of security and technology administration
    • Red Hat Certified Administrator


    What do we offer:

    • You will work in a collaborative, close-knit team
    • You will be able to learn a lot and develop your knowledge in IT Security
    • You will have the possibility to participate in various vendor events organized only for business partners
    • You will have access to an online learning platform with all the latest tech training
    • You will be encouraged to work smart and work in your own way
    • You will be a part of a leading global technology business
    • You will be trusted to deliver your work
    • You will get an extensive benefits package supporting your work-life balance, health, and comfort to work from home
    • You will be able to work with top technology providers in the industries
    • You will be first on the front line, preventing breaches from happening