Negotiable
Outside
Remote
USA
Summary: We are looking for a Senior SOAR Developer to enhance our cybersecurity team by developing and maintaining automated security workflows and playbooks. The role demands extensive experience with SOAR platforms, particularly Google Chronicle, and expert proficiency in Python. This position involves both hands-on development and mentoring of junior team members. The ideal candidate will also collaborate with various security professionals to improve incident response and operational efficiency.
Key Responsibilities:
- Design, develop, and maintain automated playbooks and workflows within a SOAR platform, preferably Google Chronicle.
- Integrate and automate incident response and case management processes.
- Develop custom integrations and connectors using APIs for communication between the SOAR platform and security tools.
- Write clean, efficient, and reusable Python scripts for security automation.
- Provide technical leadership and mentorship to junior developers and security analysts.
- Analyze and identify opportunities to automate manual security tasks and improve operational efficiency.
- Create and maintain comprehensive documentation for developed playbooks and automation scripts.
Key Skills:
- A minimum of 5+ years of experience in software development, with at least 3 years focused on security automation and SOAR development.
- Hands-on experience with major SOAR platforms, preferably Google Chronicle.
- Expert-level proficiency in Python and experience with REST APIs, JSON, and other scripting languages.
- Deep understanding of cybersecurity concepts, including incident response and threat detection.
- Experience with security case management and ticketing systems.
- Familiarity with cloud platforms and IT infrastructure security principles.
- Excellent problem-solving, analytical, and communication skills.
Salary (Rate): undetermined
City: undetermined
Country: USA
Working Arrangements: remote
IR35 Status: outside IR35
Seniority Level: Senior
Industry: IT
SOAR Developer
Remote
Position Summary:
We are seeking a highly skilled and experienced Senior SOAR Developer to join our cybersecurity team. This role is crucial for advancing our security posture through the development and maintenance of automated security workflows and playbooks.
The ideal candidate will have extensive experience with SOAR platforms, a deep understanding of the security domain, and expert-level proficiency in Python.
This is a technical leadership role that requires both hands-on development and the ability to mentor and collaborate with other security professionals.
Key Responsibilities:
SOAR Development & Engineering: Design, develop, and maintain automated playbooks and workflows within a SOAR platform, with a strong preference for Google Chronicle.
Case Management & Incident Response: Integrate and automate incident response and case management processes to accelerate threat detection, investigation, and remediation.
Platform Integration: Develop custom integrations and connectors using APIs to enable communication between the SOAR platform and various security tools (e.g., SIEM, EDR, threat intelligence platforms, vulnerability scanners).
Python Scripting: Write clean, efficient, and reusable Python scripts to support security automation, data enrichment, and custom functionality.
Mentorship & Collaboration: Provide technical leadership, guidance, and mentorship to junior developers and security analysts. Collaborate with Security Operations Center (SOC) teams, threat intelligence groups, and incident responders to understand their needs and translate them into technical requirements.
Process Improvement: Analyze and identify opportunities to automate manual security tasks, improve operational efficiency, and reduce mean time to respond (MTTR).
Documentation & Best Practices: Create and maintain comprehensive documentation for all developed playbooks, integrations, and automation scripts. Advocate for and implement best practices in security automation and software development.
Required Skills & Qualifications:
Experience: A minimum of 5+ years of experience in software development or a related field, with at least 3 years focused on security automation and SOAR development.
SOAR Platform: Demonstrated, hands-on experience with at least one major SOAR platform, with a strong preference for Google Chronicle. Experience with other platforms like Palo Alto Cortex XSOAR, Splunk SOAR, or IBM SOAR is also valuable.
Programming: Expert-level proficiency in Python is a must. Experience with REST APIs, JSON, and other scripting languages (e.g., PowerShell, Bash) is highly desirable.
Security Domain Knowledge: Deep understanding of cybersecurity concepts, including incident response, threat detection, threat intelligence, and vulnerability management.
Case Management: Solid experience with security case management and ticketing systems (e.g., Jira, ServiceNow).
Cloud & Infrastructure: Familiarity with cloud platforms (Google Cloud Platform, AWS, or Azure) and an understanding of IT infrastructure and network security principles.
Soft Skills: Excellent problem-solving, analytical, and communication skills. The ability to work both independently and collaboratively in a fast-paced environment is essential.
Preferred Qualifications:
Experience with Google Chronicle SOAR, including the development of custom actions, connectors, and playbooks.
Relevant cybersecurity certifications such as CISSP, GCIH, or GIAC Certified Automation Engineer (GSAE).
Prior experience working in a Security Operations Center (SOC) or a similar security role.