SOAR Cybersecurity Engineer
Bucuresti, RO
NTT DATA Romania
Who we are
NTT DATA Romania is looking for a highly motivated and skilled Cyber Security Engineer with a strong focus on Security Orchestration, Automation, and Response (SOAR) to join our cybersecurity operations team. The ideal candidate will possess hands-on experience in designing, developing, and maintaining SOAR playbooks, coupled with a solid foundation in cybersecurity concepts and incident response frameworks. This role is integral to the advancement and automation of our security operations processes.
You will be a member of the Cybersecurity Competence Center, where your skills and contributions to security systems delivery will be very visible. The team is international, so you will use English both in writing and orally; knowledge of German would be an advantage.
What you'll be doing
- Design, develop, test, and maintain SOAR playbooks across multiple platforms
- Implement and integrate with REST APIs for threat detection, analysis, and remediation workflows
- Perform administration, tuning, and optimization of SOAR platforms
- Develop automation scripts and logic using Python and JavaScript to enhance security workflows
- Collaborate with cross-functional teams to integrate SOAR with SIEM, EDR, threat intelligence, and incident response tools
- Maintain up-to-date knowledge of authentication mechanisms such as OIDC and OAuth
- Manipulate structured data formats including JSON and XML, and transformation languages such as JSONata
- On Call and On Duty responsibilities
What you'll bring along
- Minimum 3-5 years of experience in a similar role
- Proficient in Python scripting, with practical experience in automation within a security context
- Hands-on experience with SOAR playbook development and maintenance
- Working knowledge of JavaScript scripting for browser or server-side logic
- Strong expertise in REST API integration and testing tools (e.g., Postman)
- Experience with SOAR platform administration
- Familiarity with authentication protocols and standards (OIDC, OAuth, etc.)
- Experience with data formats and tools: JSON, XML, JSONata
- General understanding of: Cybersecurity principles, SIEM platforms, Endpoint Detection and Response (EDR) tools such as CrowdStrike or Microsoft Defender, MITRE ATT&CK framework, Threat Intelligence tools and platforms, Incident Response workflows
- English proficiency; German would be a plus
- Experience with one or more of the following SOAR platforms is highly desirable: Swimlane 10x (preferred), Cortex XSOAR, Splunk Phantom, Google Siemplify
- Nice to Have: Experience in ServiceNow administration, including tables, relationships, and SecOps module development
- Nice to Have: User and access management skills with tools such as Keycloak and ServiceNow, with an emphasis on least privilege principles
- Nice to Have: Understanding of relational (e.g., MariaDB) and non-relational (e.g., MongoDB) databases, including API-based integrations
- Nice to Have: Familiarity with containerization tools such as Docker
- Nice to Have: Experience configuring and integrating with monitoring and alerting platforms (e.g., Prometheus, Grafana, Opsgenie)
- Nice to Have: General experience with cloud platforms and environments
- Nice to Have: Competency in Linux environments and command-line operations
- Nice to Have: Basic knowledge of Bash scripting
- Nice to Have: Strong analytical thinking, problem-solving, and context-switching capabilities
- Strong communication and documentation skills
- Ability to work independently and collaboratively in a dynamic team environment
- Proven ability to prioritize and manage multiple tasks efficiently
Tags: APIs Automation Bash Cloud CrowdStrike Docker EDR Grafana Incident response JavaScript JSON Linux MITRE ATT&CK MongoDB Monitoring PostMan Prometheus Python REST API Scripting SecOps SIEM SOAR Splunk Swimlane Threat detection Threat intelligence XML XSOAR