Security Orchestration, Automation, and Response (SOAR) Engineer - REMOTE (W2 ONLY)

Job Description:

***Only W2 resumes are accepted

Work Location: Fully Remote

Candidate Location: No SC residency required. Open to nationwide candidates.

The position will work as a consulting Security Orchestration, Automation, and Response engineer within the Division of Information Security. This role will focus on Playbook development and Orchestration, Workflow automation, and logic optimization within the state SOAR platform. They will also build and maintain integrations between the state SOAR platform, SIEM, EDR, Firewalls, and other necessary security tools. Engaging directly with state agencies to promote, support, and improve adoption of centralized security services is a key focus. The engagement is expected to be needed for 12 months with the possibility of extension.

DAILY DUTIES / RESPONSIBILITIES:

PREFERENCE WILL BE GIVEN TO A CANDIDATE WHO CAN WORK ONSITE OVER HYBRID AND OVER FULL-TIME REMOTE (ON-SITE AS NEEDED).

• provide technical expertise and experience in creating efficient automation workflows.
• Develop, implement automations and optimize existing automations in response to security alerts and incidents.
• Build and maintain integrations with the SOAR platform.
• Create custom scripts when required to provide functionality not supported out of the box integrations.
• Document processes, runbooks, and troubleshooting steps related to the SOAR and integrations.
• proactively Coordinate with engineering, SOC, and IR support as needed to meet goals.
• other duties as needed.

Additional skills/duties:

• Experience with dashboard creation and reporting.
• Excellent communication and customer service skills for agency-facing engagement.

Required Skills:

• Bachelors Degree in an Information Technology or Information Security related field; 8+ years of experience in security architecture may be substituted in lieu of education
• 5+ years of experience with automation platforms or SOAR solutions
• 5+ years of experience in supporting large IT environments and/or system deployments
• Experience with scripting and automation (Python, Bash, PowerShell, or similar)
• Experience with Rest API's, JSON, and YAML
• Familiarity with MITRE ATT & CK framework
• Experience working in multi-tenancy environment; multi-agency or enterprise service projects

Preferred Skills:

• CISSP, CISA, CISO or equivalent advanced security certifications (CEH, OSCP, GPEN)
• Vendor certifications in SOAR or Automation technologies
• Experience creating automations within the Cortex XSOAR platform
• Knowledge of security monitoring use cases and incident response support.
• Resources local to Columbia, SC or surrounding city in South Carolina are preferred