Cortex XSOAR Proficiency: Experience in all aspects of Cortex XSOAR (Single/Multi-tenant) architecture, including solution design, planning, installation, implementation, integration, custom scripts, playbook development, containers, and REST API documentation.
Incident Response Workflows: Proficiency in incident response and automation workflows related to Security Operations.
SOAR Integration: Enable SOAR integration with various technologies, systems, products, and software through direct or middleware approaches.
Threat Research: Conduct threat research and stay updated on the latest malware trends, common attack techniques, tactics, and procedures (TTPs), as well as the general threat landscape.
Playbook Management: Design, create, implement, maintain, and optimize playbooks for the detection, protection, containment, and mitigation of cybersecurity threats and incidents.
Team Performance Enhancement: Improve team performance through the orchestration and automation of operational efforts by programming and developing custom scripts and playbooks based on customer needs.
API-Based Automation: Develop and utilize API-based automation playbooks/workflows to enhance incident response lifecycle automation, security automation, threat intelligence, and threat hunting.
Proof of Concept Delivery: Plan, design, implement, and deliver successful proofs of concept (POCs) to various customers, meeting their expectations.
Cybersecurity Incident Response: Design, plan, and implement rapid and effective detection, mitigation, containment, and response strategies for cybersecurity incidents, leveraging integrations with infrastructure platforms and tools.
Use Case Development: Identify, consult, develop, and implement various use cases from customers, proposing automation opportunities and turning them into automated playbooks.
Process Optimization: Create, optimize, and document processes, procedures, workflow tracking, reporting SLAs, KPIs, and OLAs, providing SOAR optimization support in collaboration with SOC Incident Responders.
Continuous Improvement: Drive continuous improvement and regularly update existing playbooks based on changes in the threat landscape or client security controls to address new threats and tactics.
Skills
Qualifications:
Proven experience in security operations, incident response, or a related role.
Familiarity with SOAR platforms (such as Palo Alto Networks Cortex XSOAR, Splunk Phantom, or similar).
Strong understanding of security frameworks, threat intelligence, and incident response methodologies.
Proficiency in programming/scripting languages (e.g., Python, PowerShell, JavaScript).
Excellent problem-solving skills and attention to detail.
Strong communication skills, both written and verbal, to collaborate with stakeholders.
Certifications such as CEH, CISSP, or Security+ are a plus.