SOAR developer

Division: CISO

Cyber Defense Center is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear's services, it's supporting assets and people. We do this through the Cyber Threat Management (CTM) capabilities, Security Operations Centre (SOC) which includes monitoring (Tier 1 & Tier 2) and Cyber Incident & Response Team (CIRT; Tier 3), Detection & Response Engineering Team (D&R Eng.), and Compliance and Assurance Team (C&A). This includes cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.[SCB1] [VD2]

CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, and third parties.

The Detection & Response Engineering team is comprised of –

• Detection/System Network Engineers – who implement and maintain threat detections.
• SOAR developers – who develop responses such as playbooks, automations etc.

Role

Candidates in this role are responsible for the development and maintenance of the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform.

Candidates will work with the Manager of Detection & Response Engineering and will work jointly with our detection engineering, threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features within the SOAR platform.

The candidates' main responsibilities will be to:

1. Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports, widgets, RESTful API integrations, and code via Continuous Integration / Continuous Delivery pipelines adhering to an Agile development practice
2. Reduce Incident Response efforts and increase quality leveraging XSOAR for Security Orchestration, Automation and Response (SOAR)
3. Automate manual SOC procedures and develop, implement, and maintain playbooks
4. Detail SOAR workflows, scripts, and develop, test and debug code and use established code repository for tracking.
5. Use python/other scripting languages to perform the customizations to develop the required automation.
6. Work with the existing playbook framework and ensure the amendments are hooked accurately to the existing framework.
7. Prioritize and coordinate backlog of SOAR integration and automation requests, making sure we have a healthy balance between defect resolution and new features.
8. Work in partnership with the incident response team to craft find opportunities for improvement

Qualifications

Technical Skills

• 3+ year prior experience in a similar position
• Sophisticated knowledge of the Palo Alto Cortex XSOAR platform
• Ability to create documentation for Palo Alto Networks Cortex XSOAR playbooks
• Proficient in Python, JavaScript, and PowerShell are an asset
• Good understanding of REST/SOAP/WSDL/XML (Web services)
• Understanding of cybersecurity incident response procedures, experience as a Security Incident Responder or SOC analyst is a plus
• Strong understanding of cybersecurity technologies, protocols, and applications

Soft Skills

• Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress
• Strong problem solving, documentation, process execution, time management and interpersonal skills.
• Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Passion and drive to work in start-up division with potential of significant growth in scope and services

#LI-NS1