Security Operations Center (SOC) Engineer

Job Description

Job Description

SOC Engineer

We are seeking a motivated and experienced Security Operations Center (SOC) Engineer who will be responsible for improving the company security posture via automation and threat hunting.

The ideal candidate will have a strong background in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms, coupled with proficiency in Python scripting. This role is pivotal in enhancing our security posture by developing and implementing automated security workflows, tuning our detection capabilities, and responding to sophisticated cyber threats.

Key Responsibilities:

• SIEM and SOAR Platform Management:
• Maintain our SIEM and SOAR platforms to ensure optimal performance and effectiveness in detecting and responding to security threats.
• Develop and fine-tune detection and correlation rules, dashboards, and reports within the SIEM to accurately detect anomalous activities.
• Create, manage, and optimize SOAR playbooks to automate incident response processes and streamline security operations.
• Automation and Scripting:
• Utilize Python scripting to develop custom integrations and automate repetitive tasks within the SOC.
• Build and maintain automation workflows to enhance the efficiency of threat detection, alert triage, and incident response.
• Integrate various security tools and threat intelligence feeds with our SIEM and SOAR platforms using APIs and custom scripts.
• Incident Response and Threat Hunting:
• Conduct proactive threat hunting to identify potential security gaps and indicators of compromise.
• Analyze security alerts and data from various sources to identify and respond to potential security incidents.
• Collaboration and Documentation:
• Collaborate with Information Security team members and other teams to enhance the overall security of the organization.
• Create and maintain clear and comprehensive documentation for detection rules, automation workflows, and incident response procedures.

Requirements

Required Qualifications:

• 6+ years of experience in a Security Operations Center (SOC) environment or a similar cybersecurity role.
• Hands-on experience with managing and configuring SIEM platforms (e.g., Elastic SIEM, Splunk, QRadar, Microsoft Sentinel).
• Demonstrable experience with SOAR platforms (e.g., Palo Alto Cortex XSOAR, Splunk SOAR) and playbook development.
• Proficiency in Python for scripting and automation of security tasks.
• Strong understanding of incident response methodologies, threat intelligence, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST).
• Excellent analytical and problem-solving skills with the ability to work effectively in a fast-paced environment.

Preferred Qualifications:

• Relevant industry certifications such as CISSP, GCIH, or similar.
• Experience with cloud security and environmental constructs (AWS, Azure, GCP).
• Familiarity with other scripting languages (e.g., PowerShell, Bash).
• Knowledge of network and endpoint security solutions.

Benefits

• Health Care Plan (Medical, Dental & Vision)

• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Training & Development
• Retirement Plan (401k, IRA)
• Free breakfast and lunch