SOAR (Security Orchestration, Automation and Response)

Saudi

Responsibilities:
  • Cortex XSOAR Proficiency: Experience in all aspects of Cortex XSOAR (Single/Multi-tenant) architecture, including solution design, planning, installation, implementation, integration, custom scripts, playbook development, containers, and REST API documentation.
  • Incident Response Workflows: Proficiency in incident response and automation workflows related to Security Operations.
  • SOAR Integration: Enable SOAR integration with various technologies, systems, products, and software through direct or middleware approaches.
  • Threat Research: Conduct threat research and stay updated on the latest malware trends, common attack techniques, tactics, and procedures (TTPs), as well as the general threat landscape.
  • Playbook Management: Design, create, implement, maintain, and optimize playbooks for the detection, protection, containment, and mitigation of cybersecurity threats and incidents.
  • Team Performance Enhancement: Improve team performance through the orchestration and automation of operational efforts by programming and developing custom scripts and playbooks based on customer needs.
  • API-Based Automation: Develop and utilize API-based automation playbooks/workflows to enhance incident response lifecycle automation, security automation, threat intelligence, and threat hunting.
  • Proof of Concept Delivery: Plan, design, implement, and deliver successful proofs of concept (POC) to various customers, meeting their expectations.
  • Cybersecurity Incident Response: Design, plan, and implement rapid and effective detection, mitigation, containment, and response strategies for cybersecurity incidents, leveraging integrations with infrastructure platforms and tools.
  • Use Case Development: Identify, consult, develop, and implement various use cases from customers, proposing automation opportunities and turning them into automated playbooks.
  • Process Optimization: Create, optimize, and document processes, procedures, workflow tracking, reporting SLAs, KPIs, and OLAs, providing SOAR optimization support in collaboration with SOC Incident Responders.
  • Continuous Improvement: Drive continuous improvement and regularly update existing playbooks based on changes in the threat landscape or client security controls to address new threats and tactics.
Skills

Qualifications:
  • Proven experience in security operations, incident response, or a related role.
  • Familiarity with SOAR platforms (such as Palo Alto Networks Cortex XSOAR, Splunk Phantom, or similar).
  • Strong understanding of security frameworks, threat intelligence, and incident response methodologies.
  • Proficiency in programming/scripting languages (e.g., Python, PowerShell, JavaScript).
  • Excellent problem-solving skills and attention to detail.
  • Strong communication skills, both written and verbal, to collaborate with stakeholders.
  • Certifications such as CEH, CISSP, or Security+ are a plus.
Post date: 15 Jumada al-awwal 1446 - Today
Publisher: Bayt