Overview
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - Long Term
Skills
Python
SOAR
Google Chronicle
Palo Alto Cortex XSOAR
Splunk SOAR
Job Details
We need a SOAR developer
Location: Remote
On Contract
JD:
Position Summary
We are seeking a highly skilled and experienced Senior SOAR Developer to join our cybersecurity team. This role is crucial for advancing our security posture through the development and maintenance of automated security workflows and playbooks. The ideal candidate will have extensive experience with SOAR platforms, a deep understanding of the security domain, and expert-level proficiency in Python. This is a technical leadership role that requires both hands-on development and the ability to mentor and collaborate with other security professionals.
Key Responsibilities
- SOAR Development & Engineering: Design, develop, and maintain automated playbooks and workflows within a SOAR platform, with a strong preference for Google Chronicle.
- Case Management & Incident Response: Integrate and automate incident response and case management processes to accelerate threat detection, investigation, and remediation.
- Platform Integration: Develop custom integrations and connectors using APIs to enable communication between the SOAR platform and various security tools (e.g., SIEM, EDR, threat intelligence platforms, vulnerability scanners).
- Python Scripting: Write clean, efficient, and reusable Python scripts to support security automation, data enrichment, and custom functionality.
- Mentorship & Collaboration: Provide technical leadership, guidance, and mentorship to junior developers and security analysts. Collaborate with Security Operations Center (SOC) teams, threat intelligence groups, and incident responders to understand their needs and translate them into technical requirements.
- Process Improvement: Analyze and identify opportunities to automate manual security tasks, improve operational efficiency, and reduce mean time to respond (MTTR).
- Documentation & Best Practices: Create and maintain comprehensive documentation for all developed playbooks, integrations, and automation scripts. Advocate for and implement best practices in security automation and software development.
Required Skills & Qualifications
- Experience: A minimum of 5 years of experience in software development or a related field, with at least 3 years focused on security automation and SOAR development.
- SOAR Platform: Demonstrated, hands-on experience with at least one major SOAR platform, with a strong preference for Google Chronicle. Experience with other platforms like Palo Alto Cortex XSOAR, Splunk SOAR, or IBM SOAR is also valuable.
- Programming: Expert-level proficiency in Python is a must. Experience with REST APIs, JSON, and other scripting languages (e.g., PowerShell, Bash) is highly desirable.
- Security Domain Knowledge: Deep understanding of cybersecurity concepts, including incident response, threat detection, threat intelligence, and vulnerability management.
- Case Management: Solid experience with security case management and ticketing systems (e.g., Jira, ServiceNow).
- Cloud & Infrastructure: Familiarity with cloud platforms (Google Cloud Platform, AWS, or Azure) and an understanding of IT infrastructure and network security principles.
- Soft Skills: Excellent problem-solving, analytical, and communication skills. The ability to work both independently and collaboratively in a fast-paced environment is essential.
Preferred Qualifications
- Experience with Google Chronicle SOAR, including the development of custom actions, connectors, and playbooks.
- Relevant cybersecurity certifications such as CISSP, GCIH, or GIAC Certified Automation Engineer (GSAE).
- Prior experience working in a Security Operations Center (SOC) or a similar security role.