SOAR developer

Job Description
Division: CISO
Cyber Defense Center is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear's services, it's supporting assets and people. We do this through the Cyber Threat Management (CTM) capabilities, Security Operations Centre (SOC) which includes monitoring (Tier 1 & Tier 2) and Cyber Incident & Response Team (CIRT; Tier 3), Detection & Response Engineering Team (D&R Eng.), and Compliance and Assurance Team (C&A). This includes cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.[SCB1] [VD2]

CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.

The Detection & Response Engineering team is comprised of –

• Detection/System Network Engineers – who implement and maintain threat detections.
• SOAR developers – who develop responses such as playbooks, automations etc.

Role
Candidates in this role are responsible for the development and maintenance of the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform.

Candidates will work with the Manager of Detection & Response Engineering and will work jointly with our detection engineering, threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features within the SOAR platform.

The Candidates' Main Responsibilities Will Be To

• Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports, widgets, RESTful API integrations, and code via Continuous Integration / Continuous Delivery pipelines adhering to an Agile development practice
• Reduce Incident Response efforts and increase quality leveraging XSOAR for Security Orchestration, Automation and Response (SOAR)
• Automate manual SOC procedures and develop, implement, and maintain playbooks
• Detail SOAR workflows, scripts, and develop, test and debug code and use established code repository for tracking.
• Use python/other scripting languages to perform the customizations to develop the required automation.
• Work with the existing playbook framework and ensure the amendments are hooked accurately to the existing framework.
• Prioritize and coordinate backlog of SOAR integration and automation requests, making sure we have a healthy balance between defect resolution and new features.
• Work in partnership with the incident response team to craft find opportunities for improvement

Qualifications
Technical Skills

• 3+ year prior experience in a similar position
• Sophisticated knowledge of the Palo Alto Cortex XSOAR platform
• Ability to create documentation for Palo Alto Networks Cortex XSOAR playbooks
• Proficient in Python, JavaScript, and PowerShell are an asset
• Good understanding of REST/SOAP/WSDL/XML (Web services)
• Understanding of cybersecurity incident response procedures, experience as a Security Incident Responder or SOC analyst is a plus
• Strong understanding of cybersecurity technologies, protocols, and applications

Soft Skills

• Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress
• Strong problem solving, documentation, process execution, time management and interpersonal skills.
• Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Passion and drive to work in start-up division with potential of significant growth in scope and services

About Us
Why join us
Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer

• Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
• Practice your talents in a highly professional international environment.
• Join a learning and development environment with an emphasis on knowledge sharing and training.
• Competitive salary and comprehensive benefits.

New ways of working
Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

Great Place to Work for All
We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About The Team
As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys' business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.