SOC Engineer

Date: 31 Jul 2025

Location: Abu Dhabi, Abu Dhabi, AE

Company: G Forty Two General Trading LLC

Overview:

Job Description: As an SOC Engineer specializing in Security Orchestration, Automation, and Response (Automation) and Artificial Intelligence, you will be a vital member of our Security Operations Center (SOC) team. With a focus on providing day-to-day management of Automation and AI solutions, your role will involve supporting daily operations across multiple environments and customers. Reporting to the SOC Manager, you will use your expertise in Automation and AI to enhance our SOC capabilities and streamline response workflows.

Responsibilities:

  • Automation and AI technologies Management: Oversee the configuration, maintenance, and optimization of our Automation and AI technologies to ensure their effectiveness in automating and orchestrating security workflows.
  • Workflow Development: Design, develop, and implement automated workflows and playbooks within Automation and AI technologies to streamline incident response processes and enhance SOC efficiency.
  • Integration and Orchestration: Integrate Automation and AI technologies with existing SOC tools and technologies, orchestrating workflows across disparate security systems for seamless response coordination.
  • Incident Response Automation: Develop and deploy automated response actions and playbooks to enable rapid and effective response to security incidents, minimizing manual intervention and reducing response times.
  • Threat Intelligence Integration: Integrate threat intelligence feeds and indicators of compromise (IOCs) into the Automation platform to enrich incident context and enable automated threat detection and response.
  • Performance Monitoring and Optimization: Monitor the performance of the Automation and AI technologies, identifying and addressing any issues or bottlenecks to ensure optimal functionality and reliability.
  • Documentation and Training: Maintain comprehensive documentation of Automation & AI workflows, configurations, and procedures. Provide training and guidance to SOC analysts and engineers on the use of Automation and AI technologies.
  • Incident Response Support: Provide technical support during security incidents, leveraging Automation and AI technologies to automate response actions and facilitate incident investigation and resolution.
  • Continuous Improvement: Stay abreast of emerging threats, security trends, and industry best practices related to Automation and AI technologies. Identify opportunities for process improvement and innovation within the SOC.
  • Collaboration and Knowledge Sharing: Collaborate with other SOC engineering teams and stakeholders to share knowledge, insights, and best practices related to Automation and AI operations. Foster a culture of continuous learning and improvement within the SOC.

Skills:

  • Solid experience in Security Operations Center (SOC) operations, with a focus on Automation platforms.
  • Expertise in at least 2 Automation platforms (IBM SOAR, Palo Alto XSOAR, FortiSOAR, Splunk SOAR, Chronicle SOAR), with responsibilities for platform administration, configuration, and optimization.
  • Proficiency in workflow development and playbook creation within Automation platforms.
  • Strong understanding of Large Language Models, Machine Learning algorithms, security technologies, protocols, and industry best practices.
  • Excellent problem-solving, analytical, and communication skills.
  • Ability to work effectively in a fast-paced, dynamic environment and manage multiple priorities simultaneously.

Qualifications:

Certifications:

  • 1 Certification in Automation platforms is a must.
  • Other certification in Automation platforms is a plus.
  • Cloud-related certifications like AWS Certified Solutions Architect, Google Professional Cloud Architect, or Microsoft Certified: Azure Solutions Architect Expert.
  • Scripting certifications
  • Networking certifications such as CCNA or CCNP are advantageous.

Educational Experience:

  • Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field.
  • A minimum of 5 years of experience in SOC operations.
  • Prior experience in a technical role within a SOC or similar cybersecurity environment.