SOAR Developer
Remote Role
We are seeking a skilled SOAR (Security Orchestration, Automation, and Response) Developer to design, develop, and maintain automated security workflows that speed up incident response, improve SOC efficiency, and reduce mean time to detect and mean time to respond (MTTD/MTTR).
The ideal candidate will work closely with SOC analysts, threat intelligence, and engineering teams to automate security operations and integrate multiple security tools.
Key Responsibilities
Design, develop, and maintain SOAR playbooks and automation workflows
Integrate SOAR platforms with SIEM, EDR, firewalls, IAM, ticketing systems, and threat intelligence platforms
Automate incident response for phishing, malware, endpoint alerts, and security incidents
Customize scripts and connectors using Python, REST APIs, and SDKs
Collaborate with SOC analysts to translate manual processes into automated workflows
Optimize playbooks for performance, reliability, and scalability
Perform troubleshooting, debugging, and enhancement of SOAR integrations
Maintain documentation for playbooks, integrations, and workflows
Support continuous improvement of SOC automation maturity
Required Technical Skills
SOAR Platforms
Experience with one or more of:
Palo Alto Cortex XSOAR
Splunk SOAR (formerly Phantom)
</gre_replace>
<gr_replace lines="38" cat="remove_boilerplate" orig="Click the email">
Microsoft Sentinel SOAR (Logic Apps)
IBM Resilient
Swimlane
Rapid7 InsightConnect
Programming & Scripting
Strong Python scripting
Experience with REST APIs, JSON, and webhooks
Familiarity with Power (nice to have)
Security Tools & Integrations
SIEM (Splunk, QRadar, Sentinel, Elastic, etc.)
EDR/XDR (CrowdStrike, Defender, SentinelOne, Carbon Black)
Email Security (Proofpoint, Mimecast, Defender for O365)
Firewalls (Palo Alto, Fortinet, Check Point)
Threat Intelligence platforms (MISP, Anomali, VirusTotal, OTX)
Ticketing systems (ServiceNow, Jira)
Security & SOC Knowledge
Contact Information
Email: neeraj.mahra@sparinfosys.com
Click the email address to contact the job poster directly.