Location: Offices are in Lodz & Katowice, but work can be done 99% remotely
As SOAR Engineer, you will be responsible for:
- Developing threat detection content.
- Engineering automation workflows to enrich events prior to analyst response.
- Engineering automation workflows to automate common analyst response actions.
- Responding to and resolving issues that negatively impact the workflow of the SOAR.
- Collaborating with CSOC analysts on tuning or developing new automation.
- Working with leadership on work prioritization and backlog refinement.
- Identifying requirements for partner and provider APIs for better interconnectivity.
- Presenting technical information in non-technical terms to peers and management.
- Analyzing, debugging, reporting issues and enhancements.
- Defining, prioritizing, and driving standardized incident response activities.
- Improving the efficiency of Security Operations through automation.
- Creating automated playbooks.
- Reducing MTTD and MTTR through orchestration and automation of security alert handling.
- Building a complex platform powered by cyber fusion technology to improve information sharing.
- Searching for improvements that increase efficiency and create a hassle-free environment.
Requirements:
- 2+ years hands-on experience with SOAR
- Hands-on experience working with RESTful APIs for service integration.
- Experience using GitLab or Github as part of the CI/CD process.
- Experience working with analytics engines like Apache Spark.
- Proficiency in Python, C# and/or PowerShell.
- Experience in architecting, managing the deployment, and operationalizing SOAR in client environments
- Experience working with various technical departments to enhance the orchestration and automation of threat detections from deployed SIEM solutions
- Solid technical knowledge of Linux and Windows
- Excellent root cause analysis skills
- Hands-on experience working with WebMethods
Additionally, a great asset will be:
- Previous experience with Splunk, Elasticsearch, QRadar, or other SIEM tools
- Security-related certificates, such as CompTIA Security+, CySA+, etc.
- Vendor certificates such as AZ-104, SC-200, AZ-500, MS-500, AWS Practitioner, etc.
- Other certificates which prove knowledge in the field of security and technology administration
- Red Hat Certified Administrator
What do we offer:
- You will work in a collaborative, close-knit team
- You will be able to learn a lot and develop your knowledge in IT Security
- You will have the possibility to participate in various vendor events organized only for business partners
- You will have access to an online learning platform with all the latest tech training
- You will be encouraged to work smart and work in your own way
- You will be a part of a leading global technology business
- You will be trusted to deliver your work
- You will get an extensive benefits package supporting your work-life balance, health, and comfort to work from home
- You will be able to work with top technology providers in the industry
- You will be first on the frontline, preventing breaches before they happen