SOAR Engineer

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

• SOAR Engineer/Automation (L2) would work closely with the SOC team/Customer and be responsible for SOAR engineering activities such as automate repeated activities reduce manual efforts and MTT Response/Resolution.
• A SOAR Engineer/Automation with an extensive security operations background who drives the SOAR development lifecycle in support of the security operations & IR teams.
• Should have work experience with SIEM solutions and understanding of SIEM Architecture and components [Mainly Qradar SIEM].
• Should have hands on experience in SIEM Administration and troubleshooting [Mainly Qradar SIEM].
• Understanding about threat scenarios threat vectors and logs to arrive at identify new threats.
• Drives the SOAR development lifecycle supports the security operations and IR teams and writes tests and maintains automation scripts/workflows within SOAR platform.
• Develop and maintain the SOAR workflows and playbooks
• Strong understanding of SOAR playbook development and logic flows.
• Strong understanding of SOC workflows.
• Author and maintain documentation for all scripts integrations and workflows.
• Design implement standardize and maintain efficient and reusable Python code or other programming language.
• Review test debug and resolve technical issues throughout all stages of Software Development Life Cycle
• Translate conceptual SOCIR requirements into technical data and integration requirements for the SOAR platform.
• Deliver API solutions that streamline simplify and improve efficiencies for the CSOCIR teams as well as other enterprise Business Units.
• Design test and implement new playbooks for the cyber–Security Operation Center.
• Partner with SOC/IR leadership and customer to gather SOAR requirements priorities and enhancements.
• Partner with SOC/IR teams and customer to review the development of integrations workflows & scripts to ensure anticipated output is achieved.
• Implement technical modifications to integration script workflow based on feedback from product consumers.
• Experience in SOAR Version Upgrade Patch Upgrade App Upgrades
• Should coordinate with Lead and ensure the SOAR projects are delivered on time and in-line with Customer expectation and best practices.
• Experience with scripting such as Python Java BASH PowerShell Etc.
• Ability to multitask and work independently with minimal direction and maximum accountability.
• Coordination skills to collaborate with multiple technical and service delivery team.
• A track record of acting with integrity taking pride in work seeking to excel being curious and adaptable and communicating effectively.
• Demonstrated exceptional written and verbal communication skills.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of levels.

Required Technical and Professional Expertise

• Minimum 5+ years of experience in IT Software/Cyber Security Industry.
• Minimum 3+ years’ experience in Security Automation/SOAR Engineering.
• Should have good understanding of SOC Incident Response.
• Should have programming [Python is mandate] knowledge and experience.
• Should understand Cybersecurity controls and attack.
• Understanding of MITRE/NIST Framework and attack methods.

Preferred Technical and Professional Expertise