SOAR Developer

Summary

Oncor has an immediate need for a Security Orchestration Automation and Response (SOAR) developer to join our Security Operations Center (SOC) Team. The ideal SOAR Developer is someone who is process driven, efficient, and strives to remove tedium from daily workflows. The developer will support the modernization of SOC cybersecurity operations, along with responding to emergent development requirements from Security Operations. The ideal candidate will be flexible and ready to work within a DevSecOps model within the SOC which includes incident response operations and development engineers participating together in the entire lifecycle, from design through the development process to production support.

Assist in identifying and deploying security analytics, alerting and automation solutions based on organizational requirements technical integration with key data inputs (e.g. raw security telemetry coupled with referential data)

Primary Responsibilities

Automate SOC Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system

Develop and maintain custom applications for SOC workflows

Assist with process development and process improvement for SOC to include creation/modification of SOPs, Playbooks, and work instructions

Integrate SOAR platform with other security tools and APIs to execute automated workflows

Author, test, and maintain automation scripts/workflows within SOAR platform

Design, implement, and maintain efficient and reusable Python, Javascript, and JSON code

Review, debug, and resolve technical issues throughout all stages of SDLC

Coordinate with system administrators and engineers to provision service accounts and/or grant required permissions

Actively mentor and train team members of the SOC processes, governance, and frameworks

Education, Experience, and Skill Requirements

2+ years of work experience in one or more Cybersecurity focus areas such as SOC or Network Security

Bachelors degree in Computer Science, Information Systems, Engineering, or related field

Experience with SOAR platforms such as Swimlane, Phantom, XSOAR, etc

Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices

Proficient in Python scripting

Working knowledge of REST APIs, JSON, HTML/CSS, Javascript, XML

Experience authoring SOC SOPs, playbooks, work instructions and/or other process documents

Experience with SIEMs, such as Splunk, XSIAM, QRadar, etc

Experience with Visual Studio

Experience in DevSecOps environment

Ability to demonstrate an investigative mindset. Not just being able to execute a task but being able to understand the reason for that task, and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process

Measures of Success

Actively maintains and troubleshoots SOAR systems

Demonstrates and maintains skillsets to remain current in existing and future technologies

Demonstrates collaboration and cooperation with SOC team members and internal partners in a professional manner

Develops skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment