Job Description

Looking for SOAR Engineer

Location : Dallas, TX, Remote (Highly preferred in DFW area)

Description

• SOAR Platform Engineering & Administration: Lead the design, configuration, deployment, and ongoing maintenance of the organization's SOAR platform(s). Ensure platform stability, availability, and performance to support continuous security operations across global environments.
• Playbook Development & Automation: Design, develop, test, and deploy automated playbooks and workflows that streamline alert triage, threat enrichment, containment actions, notification processes, and incident response activities. Continuously identify opportunities to automate repetitive SOC tasks and reduce mean time to detect (MTTD) and mean time to respond (MTTR).
• Tool Integration & API Development: Build and maintain API-based integrations between the SOAR platform and the broader security ecosystem, including SIEM, EDR (e.g., CrowdStrike), email security, threat intelligence platforms, ticketing systems, identity and access management (IAM) solutions, and cloud security tools. Ensure data flows seamlessly across platforms to enable enriched, context-aware automated responses.
  • Scripting & Custom Automation: Leverage Python, PowerShell, and other scripting languages to develop custom connectors, parsers, enrichment modules, and automation scripts that extend SOAR platform capabilities beyond out-of-the-box functionality. Build reusable code libraries and modular components to accelerate future development.
• Collaboration with SOC & Detection Engineering: Partner closely with SOC analysts, detection engineers, SIEM engineers, and incident responders to understand operational pain points, translate manual processes into automated workflows, and continuously tune playbooks based on real-world feedback and evolving threat scenarios.
• Health Monitoring, Metrics & Reporting: Establish and maintain dashboards and reporting mechanisms to track playbook execution success rates, automation coverage, error rates, and operational efficiency gains. Proactively identify and remediate playbook failures, integration issues, and performance bottlenecks.
• Process Development & Documentation: Develop and maintain comprehensive documentation including playbook design specifications, integration architecture diagrams, runbooks, and standard operating procedures (SOPs). Ensure knowledge transfer and long-term sustainment of all automation capabilities.

Requirements

• 5+ years of experience in cyber security engineering or security operations, with hands-on expertise in SOAR platform administration, playbook development, and security workflow automation.
• Subject matter expertise in one or more SOAR platforms** (e.g., Palo Alto XSOAR/Cortex XSOAR, Splunk SOAR/Phantom, Swimlane, Tines, Crowdstrike Fusion, Google Chronicle SOAR, or similar).
• Strong proficiency in Python and PowerShell, with demonstrated ability to build custom integrations, automation scripts, and API-driven workflows.
• Experience integrating security tools via RESTful APIs, including SIEM platforms, EDR solutions (e.g., CrowdStrike), ticketing systems, threat intelligence feeds, IAM solutions, and cloud security services.
• Solid understanding of security operations workflows, including alert triage, incident response, threat enrichment, and escalation processes.
• Familiarity with SIEM platforms and data source ecosystems, with the ability to collaborate effectively with SIEM engineers on detection-to-response automation pipelines.
• Excellent communication and collaboration skills with the ability to partner across SOC, engineering, and leadership teams and translate technical concepts into actionable solutions.

Job Tags

Similar Jobs