Security Operations, Automation, and Response (SOAR) Lead

We are seeking a skilled Security Orchestration, Automation, and Response Lead to join our amazing security team. In this role, you will be responsible for designing, implementing, and maintaining security automation solutions to help protect our organization's assets.

Required Experience: 5+ Years

Job Locations: Remote

Location Restrictions: Remote

Basic Qualifications and

The Client Security Operations Team combines security operations skills with automation expertise to improve the overall security posture of the enterprise. The SOAR Lead identifies security vulnerabilities, weaknesses, and improvements, and then uses automation to improve the security operations tooling. The lead also helps automate detective controls that find indicators of compromise and builds those detections into our operations infrastructure as code (IaC). The SOAR Lead should have an attacker mindset and use tools, techniques, and processes that emulate those of skilled and motivated adversaries. A lead may have additional responsibilities such as managing projects, setting technical standards and guidelines, providing technical direction to the team, and collaborating with other departments to ensure the success of the organization's security operations. They may also be responsible for developing and implementing strategies to improve the efficiency and effectiveness of security operations, and for identifying opportunities to automate additional security processes beyond SOAR engineering.

Responsibilities
  • Deep knowledge in at least one programming/scripting language (Python, C/C++, PowerShell, GoLang, etc.)
  • Experience in cloud technologies (AWS/Azure)
  • Deep knowledge in analyzing and debugging API frameworks
  • Experienced in presenting technical analysis of security research or technical topics in the form of presentations and/or reporting
  • Ability to work autonomously, meet deadlines, and deliver impactful results.
  • Lead the strategic direction and evolution of the Offensive Security program, including setting goals and establishing priorities
  • Drive strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout Client
  • Lead effective teamwork, communication, collaboration and commitment across Client organization
  • Lead improvements to internal Information Security programs and processes
  • Write and deliver high-quality documents for technical and non-technical audiences
  • Ability to write effective communications
  • Sharp analytical abilities and attention to detail
  • Ability to handle multiple competing priorities in a fast-paced, deadline-driven environment
  • Ability to take ownership, self-motivate, and deliver results
  • Experience with driving remediation/mitigation of security issues and control gaps
  • Experience gathering and reporting to measure service and program effectiveness and consistency
  • Technical knowledge of adversary Tactics, Techniques, and Procedures (TTPs)
  • Experience with cloud service providers and their offerings, preferably AWS, and its various technologies and services
  • Knowledge of system or security design approaches with experience driving engineering and architectures to deliver results
  • Assist with security investigations, root-cause analysis, and corrective measures as required
  • Strong technical leader capable of planning and executing to meet core objectives
  • Ability to proactively take initiative to complete tasks and ensure the work meets company standards
  • Design/build scripts, tools, or methodologies to enhance detection, response and offensive capabilities.
  • Driven and able to take the initiative to complete tasks and ensure high-quality work, with an understanding of the mindset of skilled adversaries.
  • Remain apprised of CSP (Cloud Service Provider) best practices and documentation, maintaining appropriate certifications and sharing findings with teams during weekly meetings.
  • Provides training regularly to uplift skill sets and operations of the information security team.
  • Collaborate with security Governance to validate and provide evidence for PCI/DSS, NIST, SOX, CIS, and other compliance standards.
  • Conduct application, cloud, network, and infrastructure penetration tests to identify and/or validate vulnerabilities and attack chains.
  • Experience with secure container communications via Kubernetes CNIs, such as Calico.
  • Experience with network routing protocols such as BGP, OSPF, EIGRP, IGRP, RIP, and RIPv2 with accompanying best practices.

Required Skills and Experience
  • 5+ years performing Security Automation and/or Offensive Security operations in an enterprise environment
  • 5+ years of experience in Information Security related domains, with knowledge of security fundamentals, identifying and remediating application vulnerabilities, penetration testing methodologies and tools
  • 3+ years of experience driving Information Security initiatives across large diverse organizations
  • 2+ years of experience with Machine Learning, Data Engineering, Data Science or Software Engineering
  • Proficiency in security automation, orchestration, and response tools such as SOAR platforms, SIEM, EDR, and other related technologies.
  • Experience working in a fast-paced, dynamic environment with competing priorities
  • Expertise in scripting and programming languages such as Python, GoLang, PowerShell, and Bash.
  • Effectively communicate findings, attack paths, threat models, and recommendations to technical and executive stakeholders through written reports and verbal presentations.
  • Collaborate with diverse business partners to ensure the impact of the risk is understood, managed, and remediated.
  • Able to take on special assignments that may require additional on-the-fly learning.
  • Ability to multi-task with various engagements that range in technical and non-technical capabilities.
  • Practical understanding of machine learning and artificial intelligence
