Principal Analyst Cyber Security Operations - SOAR

About The Position

Requirements

• 5+ years in automation engineering, SOAR engineering, or DevSecOps.
• Strong scripting/programming experience (Python required; PowerShell, Go, or NodeJS a plus).
• Hands-on experience with: SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation) API integrations and REST/JSON workflows CI/CD tools (GitHub, GitLab, Azure DevOps)
• Deep understanding of SOC processes, alerting workflows, and incident response.
• Experience integrating EDR, VM, identity, and cloud security tools.

Nice To Haves

• Experience with AI-driven automation or LLM-assisted workflow design.
• Certifications: GCSA, GCFA, GCIH, scripting/DevOps certs.
• Experience in hybrid or multi-cloud environments.

Responsibilities

• Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines.
• Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions).
• Integrate security tools and platforms using APIs, scripting, and microservices.
• Improve MTTR and reduce operational overhead through intelligent automation by closely partnering with Security Engineering, IT Operations, and Cloud Teams.
• Develop KPIs to measure automation impact and report operational improvements.
• Lead POCs for new automation platforms and evaluate opportunities for AI-based operations.
• Provide mentorship and code reviews for automation engineers and analysts.
• Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility.
• Integrate AI/MLdriven detection capabilities into existing pipelines, validating model performance and reducing false positives.
• Maintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems.
• Lead the design, implementation, and optimization of enterprisewide detection content, including correlation rules, behavioral analytics, machinelearning assisted detections, and anomaly models.
• Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats.
• Tune, optimize, and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data).
• Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices.
• Serve as a senior escalation point for complex security incidents and investigations

Benefits

• This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave and potential for performance-based bonuses depending on company and individual performance