SOAR Developer-W2

Job Title: SOAR Developer
Duration: 6-12+ Months (Possible Extension)
Location: Dallas, TX (Onsite)

Job Description:

Summary

Oncor has an immediate need for a Security Orchestration Automation and Response (SOAR) developer to join our Security Operations Center (SOC) Team. The ideal SOAR Developer is someone who is process driven, efficient, and strives to remove tedium from daily workflows. The developer will support the modernization of SOC cybersecurity operations, along with responding to emergent development requirements from Security Operations. The ideal candidate will be flexible and ready to work within a DevSecOps model within the SOC which includes incident response operations and development engineers participating together in the entire lifecycle, from design through the development process to production support.

Assist in identifying and deploying security analytics, alerting and automation solutions based on organizational requirements technical integration with key data inputs (e.g. raw security telemetry coupled with referential data)

Primary Responsibilities

• Automate SOC Security Incident Response processes providing the ability to analyze and resolve alerts from existing security tools leveraging a single stream management system
• Develop and maintain custom applications for SOC workflows
• Assist with process development and process improvement for SOC to include creation/modification of SOPs, Playbooks, and work instructions
• Integrate SOAR platform with other security tools and APIs to execute automated workflows
• Author, test, and maintain automation scripts/workflows within SOAR platform
• Design, implement, and maintain efficient and reusable Python, Javascript, and JSON code
• Review, debug, and resolve technical issues throughout all stages of SDLC
• Coordinate with system administrators and engineers to provision service accounts and/or grant required permissions
• Actively mentor and train team members of the SOC processes, governance, and frameworks

Education, Experience, and Skill Requirements

• 2+ years of work experience in one or more Cybersecurity focus areas such as SOC or Network Security
• Bachelors degree in Computer Science, Information Systems, Engineering, or related field
• Experience with SOAR platforms such as Swimlane, Phantom, XSOAR, etc
• Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices
• Proficient in Python scripting
• Working knowledge of REST APIs, JSON, HTML/CSS, Javascript, XML
• Experience authoring SOC SOPs, playbooks, work instructions and/or other process documents
• Experience with SIEMs, such as Splunk, XSIAM, QRadar, etc
• Experience with Visual Studio
• Experience in DevSecOps environment
• Ability to demonstrate an investigative mindset. Not just being able to execute a task but being able to understand the reason for that task, and determine next steps depending on the results while maintaining a firm grasp of the overall goals of the entire process

Measures of Success

• Actively maintains and troubleshoots SOAR systems
• Demonstrates and maintains skillsets to remain current in existing and future technologies
• Demonstrates collaboration and cooperation with SOC team members and internal partners in a professional manner
• Develops skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment