Cyber Security Engineer (SOAR)

5 First American Way, Santa Ana, CA 92707, United States

First American

First American Financial Corporation provides comprehensive title insurance protection and professional settlement services for homebuyers and sellers, real estate agents and brokers, mortgage lenders, commercial property professionals,...

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for nine consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Security Engineer is responsible for providing security orchestration, automation, and response (SOAR) solutions that enable the success of Security Operations Center (SOC) initiatives. The Security Engineer primarily interfaces with the SOC as well as other teams within Information Security. The Security Engineer designs, implements, and maintains SOAR workflows to improve the efficiency and effectiveness of the SOC. This role involves creating playbooks, integrating security tools, and automating repetitive tasks while collaborating with SOC analysts and IT teams to optimize incident response. The Security Engineer is also responsible for advising on the SOC’s security automation architecture and strategic roadmap while developing metrics to measure program maturity and value. The overall objective of the Security Engineer will be to build and optimize automation for security operations, enhance our incident response processes, and grow our threat management capabilities.

The role is also responsible for supporting the Information Security Incident Response program initiatives, including protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

This role will be hybrid, with three days a week onsite in Santa Ana, CA.

What You'll Do:

  • Design, develop, and implement SOAR playbooks and workflows.
  • Investigate, recommend, evaluate, deploy, and integrate security tools and systems with the SOAR platform to improve our ability to protect corporate assets and infrastructure.
  • Automate repetitive SOC processes to improve efficiency and reduce response times.
  • Collaborate with SOC analysts to understand operational requirements and tailor automation solutions.
  • Monitor and maintain the SOAR platform to ensure optimal performance and uptime.
  • Develop test plans and conduct rigorous testing and validation of playbooks to ensure reliability and effectiveness.
  • Provide technical expertise and troubleshooting for SOAR-related issues.
  • Document playbooks, workflows, and integrations thoroughly for SOC reference.
  • Stay updated on advancements in SOAR platforms, cybersecurity threats, and best practices.
  • Monitor, report, and resolve security-related problems and discrepancies.
  • Participate as a member of the Information Security Incident Response Team.
  • Participate in Cyber Security Incident investigations.
  • Required to perform duties outside of normal work hours based on business needs.


What You'll Bring:

  • Must have a minimum of 3 years of information security experience working in a Security Operations Center (SOC).

  • Must have 1+ years of hands-on experience with SOAR technologies and SOC tools.

  • License or Certification: CISSP, GCIH, GIAC, or SOAR-specific credentials

  • Generally requires a BS Degree in Computer Science, Information Technology, Cybersecurity, or equivalent work experience.

  • Must have hands-on working knowledge of SOAR platform(s)

  • Must have hands-on working knowledge of integrating security tools and technologies

  • Strong understanding of incident response processes, security tools, and cybersecurity frameworks.

  • Proficiency in scripting languages (e.g., Python, JavaScript) for automation and integration.

  • Familiarity with APIs and system integrations for security tools.

  • Experience with SIEM solutions and threat intelligence platforms.

  • Knowledge of IT infrastructure and network security.

  • Experience in implementing Information Security technologies and/or processes required.

  • Experience in product evaluation and managing vendor relationships required.

  • Experience in defining Information Security strategy and integrating security technologies into corporate frameworks.

  • Strong communication and collaboration skills.

Pay Range: $95,300.00 - $158,900.00 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We Offer

By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).

First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.

Tags: APIs Automation CISSP Computer Science GCIH GIAC Incident response IT infrastructure JavaScript Network security Python Scripting Security strategy SIEM SOAR SOC Strategy Threat intelligence

Perks/benefits: 401(k) matching Equity / stock options Health care Medical leave

Region: North America
Country: United States
