SOAR Engineer, Cyber Defense Detection

About the role

The SOAR Engineer will enable and maintain the technology stack required for daily operations within a Cyber Defense Center. You will work closely with Security Architects, Analysts, client IT teams and other stakeholders to define requirements, deliver recommendations and ensure the security operations environment is effective and resilient.

Key responsibilities

• Enable and configure SIEM and SOAR platforms to support the client’s Security Operations Center.
• Create and tune detection content, automation playbooks and integrations with security tools.
• Collaborate with cross‑functional teams to gather requirements and drive security improvements.
• Maintain operational readiness of detection and response technologies, identifying gaps and implementing enhancements.
• Administer a variety of information security technologies and stay current with emerging threats and solutions.

Required profile

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity or equivalent practical experience.
• At least 3 years of experience in detection engineering, SOAR automation, or a related role.
• Minimum 3 years working with SOC/CSIRT or incident response teams.
• Experience with detection tuning using SIEM, EDR or NDR tools.
• Proficiency in scripting languages such as PowerShell and Python.
• Preferred certifications: Security+, Network+, CCNA, CISSP, GSEC, GCIH, etc.
• Experience with SPL, KQL, YARA‑L or similar query languages and SIEM log flow.
• Hands‑on experience managing SOAR platforms, APIs and automation playbooks.
• Knowledge of content engineering within SIEM platforms and logging for Linux and network devices.

Required skills

• Python
• PowerShell
• SIEM (detection tuning, rule creation)
• EDR
• NDR
• SPL
• KQL
• YARA‑L
• API integration
• SOAR platforms
• Content engineering
• Linux logging
• Network equipment logging