Align Knowledge Centre Pvt. Ltd.
Software Engineer - SOAR Platform
Job Location
in, India
Job Description
Key Responsibilities:

1. Cortex SOAR Implementation and Management:
- Deploy, configure, and maintain the Cortex SOAR platform within the MSSP SOC environment to support client security operations.
- Integrate the SOAR platform with other security tools (SIEM, EDR, threat intelligence platforms, firewalls) to enable automated incident response.
- Ensure Cortex SOAR is properly connected to client environments, including ingestion of logs, alerts, and telemetry data from various sources.

2. Playbook Development and Automation:
- Develop and optimize automated playbooks and workflows to handle common security incidents (e.g., phishing, malware detection, alert triage, log analysis).
- Work closely with SOC analysts to identify repetitive tasks and manual processes that can be automated using SOAR.
- Design custom playbooks tailored to client-specific security needs and response requirements.
- Continuously improve and tune playbooks based on feedback from SOC analysts and changes in the threat landscape.

3. Security Tool Integration:
- Collaborate with security engineering and DevOps teams to integrate a wide range of security tools into Cortex SOAR, including SIEMs (e.g., Splunk, QRadar), firewalls, intrusion detection systems (IDS/IPS), EDR solutions, and threat intelligence platforms.
- Ensure seamless data flow between Cortex SOAR and other tools to automate response actions (e.g., quarantining hosts, blocking IPs, updating firewall rules).
- Test and validate integrations to ensure they are functioning correctly and that automation workflows are effective.

4. Incident Response Automation:
- Work closely with incident response teams to automate the investigation, triage, and remediation of security incidents.
- Implement real-time automated responses (e.g., isolating compromised devices, disabling accounts) based on pre-defined incident types and severity levels.
- Ensure Cortex SOAR is configured to provide alerts, reports, and updates on incident status, response actions, and resolution times.
- Monitor the effectiveness of automated responses and adjust playbooks and workflows as needed to improve incident response quality.

5. Workflow Optimization and Customization:
- Analyze existing SOC workflows and identify opportunities to enhance efficiency through automation.
- Customize and create new playbooks to address evolving threats, new attack techniques, and changes in client environments.
- Work with clients and SOC teams to implement custom use cases and integrations specific to individual client security requirements.

6. Monitoring and Reporting:
- Monitor the performance of Cortex SOAR playbooks and workflows to ensure they are executing correctly and improving SOC efficiency.
- Generate reports and dashboards on automated incident handling metrics (e.g., time saved, incidents resolved via automation).
- Provide regular updates to SOC management on the effectiveness of automation efforts and recommend improvements.
- Ensure detailed logging and reporting of all automated actions taken by the SOAR platform to meet compliance and audit requirements.

7. Collaboration with SOC Teams:
- Collaborate with SOC analysts, threat intelligence, and incident response teams to refine and develop automation strategies.
- Provide training to SOC analysts and incident responders on how to leverage Cortex SOAR effectively in day-to-day operations.
- Act as the technical point of contact for troubleshooting issues related to Cortex SOAR integrations, playbooks, and platform performance.

8. Platform Maintenance and Upgrades:
- Ensure that Cortex SOAR is regularly updated with the latest software versions, patches, and features.
- Perform regular health checks and maintenance of the platform, ensuring it remains fully functional and responsive.
- Collaborate with vendor support to troubleshoot issues and apply best practices for SOAR performance.

9. Compliance and Security:
- Ensure that SOAR processes and automations align with industry regulations and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).
- Work closely with the compliance team to ensure that automated workflows meet the necessary audit and documentation standards.
- Implement security controls and access management within the SOAR platform to prevent unauthorized use and ensure data privacy.

Desired Qualifications:
- Education: Bachelor's degree in Information Security, Computer Science, or a related field.
- Experience: 4 years of experience in cybersecurity, with at least 2 years working with SOAR platforms, preferably Palo Alto Cortex SOAR.
- Strong background in SOC operations, incident response, or security engineering.

(ref: hirist.tech)
Location: in, IN
Posted Date: 11/25/2024
Contact Information
Contact: Human Resources, Align Knowledge Centre Pvt. Ltd.