Security Engineer Chronicle SOAR

Foresite

Overland Park, KS, USA
Posted on Thursday, February 8, 2024

Security Engineer SOAR

Foresite delivers a range of managed security, cyber consulting, and compliance solutions through strategic channel partnerships, serving more than 1,000 customers globally. These unique and flexible solutions offer businesses innovative ways to address the liabilities of today’s complex security and compliance requirements. Our professionals, long experienced and highly knowledgeable in IT management and security, apply their expertise to providing superior product performance and unparalleled customer service through Foresite’s proprietary ProVision platform. Foresite is headquartered in Overland Park, KS, with Operation Centers in Kansas City and Farnborough, UK.

Position Summary:

Foresite is seeking enthusiastic, curious, growth-minded thinkers to help shape our vision of providing security services for our valued customers operating all over the world. This position will support the SOC by engineering security tool integrations, automations, scripts, and playbook content for the Chronicle SOAR platform, giving the SOC team more effective and efficient response and investigative capabilities. This role will be responsible for maintaining and providing technical expertise for the Security Orchestration, Automation and Response (SOAR) platform. You will develop automation and orchestration content in support of SOC operations and apply subject matter expertise to specific incidents, security applications, or enterprise environments to improve security posture or resolve issues. You will be responsible for collaborating with Security Analysts, Security Engineers, Development, and SIEM Architects to create playbooks utilizing Google Chronicle SIEM and Siemplify SOAR. A successful candidate will demonstrate the capacity to consistently meet and exceed expectations, representing and reinforcing the Foresite brand through positive interaction with clients and colleagues. This position will work closely with SOC personnel and clients to fortify defense mechanisms and safeguard digital assets, and will collaborate with the security operations center (SOC) to enhance threat detection capabilities. This is a role with wide breadth that will have the latitude to design and implement cutting-edge security architecture.

Responsibilities:

• Serve as the lead for all Security Orchestration, Automation, Response (SOAR) activities.

• Design, test, and implement new playbooks for the cyber security operation center.

• Design, implement, standardize, and maintain efficient and reusable code.

• Author and maintain documentation for all scripts, integrations, and workflows.

• Translate conceptual SOC requirements into technical data and integration requirements for the SOAR platform.

• Deliver API solutions that streamline, simplify, and improve efficiencies for the SOC team as well as other business units.

• Partner with SOC leadership to gather SOAR requirements, priorities, and enhancements.

• Implement technical modifications to integrations, scripts, and workflows based on feedback from product consumers.

• Incorporate threat intelligence feeds into the SOAR platform to enhance the organization's ability to proactively detect and respond to emerging cyber threats.

• Regularly assess and optimize automation workflows, playbooks, and processes to improve the efficiency and effectiveness of security operations.

• Create and maintain comprehensive documentation for SOAR platform configurations, incident response playbooks, and best practices to ensure consistency and facilitate knowledge transfer within the team.

• Provide training to security team members on the effective use of the SOAR platform, share insights on emerging threats, and contribute to knowledge-sharing initiatives within the organization.

• Review API documentation and connect third-party services to the Chronicle SOAR platform.

• Manage, develop, and tune inputs, scripts, and APIs that integrate with the SOAR platform, including log sources, and troubleshoot those sources or systems.

• Research and develop mitigation strategies to address the evolution of security trends and threat landscapes.

• Provide input to constantly improve our products and services to add value for our customers.

• Deliver presentations and develop technical training content on Google Security products and services, including but not limited to Google Chronicle SOAR.

• Build relationships with clients, developers, stakeholders, and security champions to incorporate security automation principles into engineering design and deployments.

• Other duties as assigned.

Qualifications:

• 5+ years’ experience in the security industry, in any combination of security research, security-oriented software development, or operational security engineering.

• 5+ years’ experience in developing security products in either software engineering or a security research role.

• Experience designing & implementing SOAR (Security Orchestration, Automation, and Response) technology.

• Strong understanding of SOAR playbook development and logic flows.

• Experience with SOC detections, operations, and responses.

• Demonstrated hands-on skills in a major scripting/programming language or a search query language for use in security operations and threat detection.

• Highly proficient in one of the following languages: Python, Go, SQL, or Java.

• Experience building and refining SOAR tools.

• Strong RegEx experience.

• Experience with scripting such as BASH, PowerShell, and Python.

• Domain experience managing and working with current SIEM and SOAR platforms.

• Knowledge of cloud infrastructure and the security implications of hybrid environments.

• Advanced understanding of endpoint security and networking concepts.

• Excellent communication skills, both verbal and written.

• An intellectually curious problem solver focused on collaborative ideation.

Skills:

• Ability to think and act strategically and proactively.

• Experience working in a traditional software development lifecycle.

• Strong knowledge of cybersecurity technologies including EDR, cloud, firewalls, intrusion detection and prevention systems, data loss prevention systems, and vulnerability management tools.

• Experience with malware analysis, malware functionality, and persistence mechanisms.

• Experience conducting large scale data analysis and utilizing big data tools such as SQL, BigQuery, Jupyter notebooks, etc.

• Experience developing tools and automation using common DevOps toolsets and programming languages.

• Professional demeanor and strong work ethic.

• Strong written communication skills including the ability to develop process documentation or guidelines for technical staff.

• Strong verbal communication and collaboration skills including the ability to work with both technical and non-technical customers/peers to research and resolve problems.

• Advanced knowledge of at least one leading SIEM platform (Sentinel, Splunk, Elastic, IBM QRadar, Chronicle, etc.).

• Ability to apply critical thinking and logic to a wide range of intellectual and practical problems.

• Ability to maintain composure under pressure and work calmly in high-pressure environments.

Start building your career in the fastest-growing and most highly sought-after cybersecurity skillset in the workforce today.