Overview
Responsibilities:
- SOAR / Automation
- Design and build automated response playbooks/workflows in the SOAR platform (enrichment, ticketing, containment, notifications)
- Integrate SOAR with SIEM, EDR, ticketing/ITSM, threat intel feeds, email gateways, and network/security devices
- Convert manual SOC runbooks into automated sequences to reduce MTTR
- Write and maintain scripts in JavaScript, Python, Bash, and Windows Batch to: parse and transform logs, pull/push data via REST APIs, automate onboarding of new log sources
- Build small helper tools for the SOC team to speed up investigation and enrichment
Required Qualifications:
- 3+ years of experience in Information Security / Information Technology / SOC / Cybersecurity Operations / DevOps
- Hands-on experience with at least one enterprise SIEM platform (e.g. Splunk, Elastic SIEM, Microsoft Sentinel, ArcSight, Wazuh)
- Experience with at least one SOAR platform (SIEM-native SOAR, Cortex XSOAR, IBM SOAR, Splunk SOAR/Phantom, ArcSight or similar) or Ansible
- Strong scripting skills:
  - JavaScript – for SIEM/SOAR apps, JSON manipulation, API calls
  - Python – for integrations, enrichment scripts, automation tasks
  - Bash – for Linux-based log collection and preprocessing
  - Batch/PowerShell basics – for Windows-based log tasks and agents
- Solid understanding of log formats (syslog, JSON, CEF, LEEF), parsing, field extraction, normalization, and enrichment
- Good knowledge of TCP/IP, HTTP/S, DNS, authentication (AD/LDAP/Kerberos) from a logging/security perspective
- Ability to work with REST APIs for security tools integration
- Analytical mindset and attention to log/data quality
- Ability to translate SOC needs into technical automation
- Comfortable working with infrastructure and application teams
- Proactive, able to work in an Information Security environment with multiple parallel tasks
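The parsing, field extraction, normalization and enrichment work the qualifications above describe is illustrated here with an added example; it is not code from this posting or from any of the named vendors. It takes one syslog-wrapped CEF line, one LEEF 2.0 line and one JSON line (all constructed, with a fictional "Acme" vendor, documentation-range IPs and a made-up asset inventory), extracts their fields, maps them onto a small common schema, and enriches the IP fields with an internal/external scope (using hypothetical org-defined RFC 1918 ranges rather than Python's `is_private`, which also treats the TEST-NET documentation ranges as private) and an asset lookup. The CEF and LEEF handling covers escaped `|`, `=` and `\` and the LEEF 2.0 delimiter field, but is a simplified reading of those formats, not a full implementation.

```python
import ipaddress
import json
import re

# Constructed sample lines (not real telemetry), one per format.
SAMPLE_EVENTS = [
    # syslog header + CEF; note the escaped pipe in Name and the escaped '=' in msg
    r"<134>Jan 12 10:22:01 fw01 CEF:0|Acme|NGFW|3.1|THREAT-200|Vulnerability\|Exploit|8|"
    r"src=10.0.5.23 dst=203.0.113.10 suser=jdoe msg=GET /login?x\=1 cs1=blocked",
    # LEEF 2.0 with an explicit '^' attribute delimiter in the sixth header field
    "LEEF:2.0|Acme|VPN|1.0|AuthFailure|^|src=198.51.100.7^dst=10.0.5.23^usrName=admin^sev=5",
    # JSON from an EDR-style source
    '{"vendor":"Acme","product":"EDR","event":"ProcessStart","severity":3,"src_ip":"10.0.5.23","user":"jdoe"}',
]
# Source-specific field names -> common schema (constructed; extend per log source).
FIELD_MAP = {
    "cef": {"src": "src_ip", "dst": "dst_ip", "suser": "user"},
    "leef": {"src": "src_ip", "dst": "dst_ip", "usrName": "user"},
    "json": {"src_ip": "src_ip", "dst_ip": "dst_ip", "user": "user"},
}
# Constructed enrichment data: the org's internal ranges and a tiny asset inventory.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ASSET_INVENTORY = {"10.0.5.23": {"hostname": "ws-finance-07", "owner": "jdoe"}}
_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")  # start of a CEF extension key

def _cef_unescape(s):
    # CEF escapes '|' in header fields and '=' / '\' in extension values with a backslash
    return re.sub(r"\\([\\|=])", r"\1", s)

def parse_cef(line):
    start = line.find("CEF:")                                   # skip any syslog prefix
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)    # split on unescaped '|' only
    if start < 0 or len(parts) != 8:
        raise ValueError("malformed CEF event")
    hdr = [_cef_unescape(p) for p in parts[:7]]
    ext, fields = parts[7], {}
    keys = list(_CEF_KEY.finditer(ext))
    for i, k in enumerate(keys):   # a value runs until the next key starts (values may contain spaces)
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[k.group(1)] = _cef_unescape(ext[k.end():end].strip())
    return {"format": "cef", "vendor": hdr[1], "product": hdr[2], "event_name": hdr[5],
            "severity": hdr[6], "fields": fields}

def parse_leef(line):
    start = line.find("LEEF:")
    parts = line[start:].split("|", 5)   # LEEF:ver|Vendor|Product|Version|EventID|rest
    if start < 0 or len(parts) != 6:
        raise ValueError("malformed LEEF event")
    version, vendor, product, _, event_id, rest = parts
    delim, attrs = "\t", rest            # LEEF 1.0, and 2.0 without a delimiter field, use a tab
    if version == "LEEF:2.0" and "|" in rest:
        cand, remainder = rest.split("|", 1)
        hex_delim = re.fullmatch(r"0?x([0-9a-fA-F]{2})", cand)   # delimiter given as hex, e.g. x09
        if hex_delim or len(cand) == 1:
            delim, attrs = (chr(int(hex_delim.group(1), 16)) if hex_delim else cand), remainder
    fields = dict(kv.split("=", 1) for kv in attrs.split(delim) if "=" in kv)
    return {"format": "leef", "vendor": vendor, "product": product, "event_name": event_id,
            "severity": fields.get("sev"), "fields": fields}

def parse_json(line):
    d = json.loads(line)
    return {"format": "json", "vendor": d.get("vendor"), "product": d.get("product"),
            "event_name": d.get("event"), "severity": d.get("severity"), "fields": d}

def parse_event(line):
    s = line.strip()
    if s.startswith("{"):
        return parse_json(s)
    return parse_cef(s) if "CEF:" in s else parse_leef(s)   # parse_leef raises on anything else

def normalize(parsed):
    sev = parsed.get("severity")
    out = {"format": parsed["format"], "vendor": parsed["vendor"], "product": parsed["product"],
           "event_name": parsed["event_name"], "severity": int(sev) if sev not in (None, "") else None}
    for src_key, common_key in FIELD_MAP[parsed["format"]].items():
        if src_key in parsed["fields"]:
            out[common_key] = parsed["fields"][src_key]
    return out

def enrich(event):
    for side in ("src_ip", "dst_ip"):
        ip = event.get(side)
        if not ip:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:               # bad data from the source: flag it rather than drop the event
            event[side + "_scope"] = "invalid"
            continue
        event[side + "_scope"] = "internal" if any(addr in n for n in INTERNAL_NETS) else "external"
        if ip in ASSET_INVENTORY:
            event[side + "_asset"] = ASSET_INVENTORY[ip]
    return event

def process(lines):
    return [enrich(normalize(parse_event(l))) for l in lines]
```

Running `process(SAMPLE_EVENTS)` yields three dicts with the same `src_ip`, `dst_ip`, `user` and integer `severity` keys regardless of the source format, which is what lets one SOAR playbook act on events from a firewall, a VPN and an EDR without per-vendor branches. The parsers keep the raw `fields` dict alongside the normalized keys so nothing from the source is lost, and unparseable IPs are flagged with an `invalid` scope rather than silently dropped, so data-quality problems surface in the SIEM instead of disappearing.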
Nice To Have:
- Documentation skills
- Experience creating detection content/use cases (MITRE ATT&CK mapping)
- Experience integrating threat intelligence feeds and automating enrichment
- Familiarity with ITSM/ticketing systems (ServiceNow, Jira, ManageEngine, etc.)
- Experience in high-availability SIEM setups and log collection architectures
- Security certifications (e.g. CyberOps Associate, SC-200, Splunk Core Certified Power User, QRadar, Sentinel, CySA+, SSCP)
Note:
✨ Our intelligent job search engine discovered this job and republished it for your convenience.
Please be aware that the job information may be incorrect or incomplete. The job announcement remains the property of its original publisher. To view the original job and its full details, please visit the job's URL on the owner’s page.
Please clearly mention that you have heard of this job opportunity on https://ijob.am.