Security Architect / SOAR Engineer

Security Architect / SOAR Engineer

Job Description

Scope of the Project:
The position will work as a Consulting Security Orchestration, Automation, and Response Engineer within the client. This role will focus on playbook development and orchestration, workflow automation, and logic optimization within the client SOAR platform. They will also build and maintain integrations between the client SOAR platform, SIEM, EDR, firewalls, and other necessary security tools. Engaging directly with state agencies to promote, support, and improve adoption of centralized security services is a key focus. 

Daily Duties / Responsibilities:
Provide technical expertise and experience in creating efficient automation workflows.
Develop, implement automations and optimize existing automations in response to security alerts and incidents.
Build and maintain integrations with the SOAR platform.
Create custom scripts when required to provide functionality not supported out of the box integrations.
Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
Proactively coordinate with engineering, SOC, and IR support as needed to meet goals.
Other duties as needed.

Additional Skills / Duties:
Experience with dashboard creation and reporting.
Excellent communication and customer service skills for client-facing engagement.

Preferred Skills (Rank in Order of Importance):
Experience creating automations within the Cortex XSOAR platform.
Knowledge of security monitoring use cases and incident response support.

Required Education / Certifications:
Bachelor's degree in an Information Technology or Information Security related field.
Eight years of relevant work experience may be substituted in lieu of education.
Five years of experience in supporting large IT environments and/or system deployments.
5+ years of experience with automation platforms or SOAR solutions.
Strong scripting and automation skills (Python, Bash, PowerShell, or similar).
Understanding of REST APIs, JSON, and YAML.
Familiarity with MITRE ATT&CK framework.
Experience in working in multi-tenancy environment; experience in multi-agency or enterprise service projects.

Preferred Education / Certifications:
CISSP, CISA, CISO or equivalent advanced security certification.
Additional relevant certifications (e.g., CEH, OSCP, GPEN).
Vendor certifications in SOAR or automation technologies.

Notes:
Fully Remote

VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.