Cyber Security Engineer Lead

Job Description Summary

As part of the Sandoz Security Operations team the SOAR & Security Tools Engineer will be responsible for leading the implementation, and optimization of security orchestration, automation, and response (SOAR) platforms and other security tools within an organization. You will play a crucial role in enhancing the organization's cybersecurity capabilities by automating security processes, integrating security tools, and maximizing the efficiency of incident response.

 

Job Description

Major accountabilities (In addition to list above in Job Description summary):

• Ensure integration of all Cyber Security Tools with their target platform, cross-information sharing and identify opportunities for automation.

• Support the optimization of the Sandoz SOAR platforms.

• Collaborate with stakeholders to define requirements and develop strategies for leveraging the SOAR platform to improve security operations.

• Design and develop complex automation workflows, playbooks, and scripts to automate security tasks and processes.

• Integrate the SOAR platform with other security tools and technologies, such as SIEM (Security Information and Event Management) systems, threat intelligence platforms, and endpoint detection and response (EDR) systems.

• Develop custom connectors, APIs, and scripts to enable seamless data sharing and automation between the SOAR platform and other security tools.

• Optimize and fine-tune the performance of the SOAR platform and associated workflows to ensure maximum efficiency and effectiveness.

• Collaborate with incident response teams to optimize workflows and playbooks based on real-world incident scenarios.

• Stay updated with the latest trends and technologies in security orchestration, automation, and response.

• Evaluate and recommend new security tools and technologies that can enhance the organization's security posture.

• Collaborate with vendors and service providers to ensure proper support, maintenance, and licensing of the SOAR platform and security tools.

• Configure, maintain and administer, technology related to event monitoring, including SIEM tools, alert engineering, etc

Minimum Requirements:

• At least 6 to 8+ years of experience as a SOAR Engineer/Cyber Security Engineer Lead/SOAR Architect

• Strong technical proficiency in security technologies, networking concepts, and incident response processes.

• Extensive experience in managing SOAR platforms, such as Microsoft Sentinel.

• Proficiency in scripting and programming languages, such as Python or PowerShell, to develop automation workflows and custom integrations.

• Knowledge of REST APIs, webhooks, and other integration methods for connecting the SOAR platform with external systems.

• Familiarity with security tools and technologies, such as SIEM, threat intelligence platforms, EDR systems, and vulnerability scanners.

• Strong analytical and problem-solving skills to troubleshoot issues and propose effective solutions.

• Excellent collaboration and communication skills to work effectively with cross-functional teams and stakeholders.

• Understanding of security operations center (SOC) processes, incident response frameworks, and industry best practices.

• Relevant certifications such as Certified SOAR Practitioner (CSOP), Certified Incident Handler (GCIH), or Certified Information Systems Security Professional (CISSP) are beneficial.

 

Skills Desired

Communication Skills, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (Cti), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management