SOC Analysis

**Job description**

**SOAR Engineer Role Profile Position**:
**SOAR Engineer Location: Doha, the State of Qatar**

**Total Experience: A minimum of 3-years’ experience in SOAR implementation and support, or a minimum of 5-years or more experience in a cyber security engineering role**.

**Description**:
**Required Skills**:

- Strong knowledge of frameworks such as Cyber Kill Chain, the MITRE ATT&CK Framework and Adversary Tools Tactics/Techniques and Procedures
- Understanding of classic and emerging threat actor tactics, techniques and procedures in both pre-exploitation and post-exploitation phases of attack lifecycles
- Experience using Python for the purpose of automating security operations and incident response processes.
- Strong understanding of security architecture, tool integration, API development and automation.
- Deep understanding of Incident Response processes (Detection, Investigation, and response).
- Understanding of common SOC and SOAR processes and workflows.
- Working knowledge of network TCP/IP protocols.
- Experience using ELK and a working knowledge of SIEM tools, EDR/NDR/XDR tools, and other security solutions.
- Exceptional written and verbal communication skills.

**Educational Qualifications**:

- Relevant Degree Additionally, one or more relevant industry certification such as GCIH or vendor certification Swimlane Certified SOAR Administrator (SCSA) Swimlane Certified SOAR Developer (SCSD).

**Desirable**:

- Familiarity and experience working within the region
- Experience working as part of a MSSP or MDR provider
- Experience working with continuous operations (24/7)
- Experience with Security Orchestration, Automation and Response (SOAR) technologies
- Experience with Python scripting language for automation and Working knowledge of REST APIs, JSON, HTML/CSS, JavaScript, XML
- Experience with operating system internals for both Linux and Windows platforms.
- Knowledge of networking and network protocols (TCP/UDP, DNS, HTTP/HTTPS, SSH, FTP, etc.

)
- Experience with log management platforms (Elasticsearch/Logstash/Kibana - ELK / Elastic Stack) and SIEM tools
- Experience with network and host-based monitoring and detection tools e.g., EDR/NDR/XDR solutions.

**Roles and Responsibilities**:

- Act as a Technical Subject Matter Expert, be the primary point of contact for Security Automation, Orchestration, Playbooks, Python Automation, API-based automation, Incident Response lifecycle automation, and Security Automation
- Develop, implement, and execute standard procedures for SOAR platform administration.
- Design, Deployment, and Maintenance of SOAR platforms (including content management, change management, version/patch management, and lifecycle management).
- Work closely with the Security Operations Center (SOC) and Security Engineering teams to improve existing automation and deliver resilient security solutions
- Assess, design, and improve SOC processes and workflows with a focus on integrating automation through Security Orchestration, Automation and Response (SOAR) tools.
- Implement SOC automation and ensure continued compatibility with existing detection and response tools
- Integrate new sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event.
- Develop custom scripts to automate current detection and response workflows.
- Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
- Operate and help mature a SOC playbook, workflow automations and use cases
- Assist with client setup transition and onboarding, serve as primary point of contact for Managed Security Service client.

**Salary**: QAR6,000.00 - QAR13,000.00 per month

Ability to commute/relocate:

- Doha: Reliably commute or planning to relocate before starting work (required)