Cyber Security Architect

Role Summary

The SOAR Architect will lead the design, deployment, and optimization of SOAR (Security Orchestration, Automation, and Response) platforms to enhance cybersecurity operations. This role is pivotal in automating incident response, integrating threat intelligence, and streamlining security workflows across enterprise environments.

Key Responsibilities

• SOAR Platform Architecture & Deployment

• Architect and implement SOAR solutions (e.g., Cortex XSOAR, Splunk Phantom, IBM SOAR) across hybrid environments.
• Design scalable playbooks and workflows to automate triage, enrichment, and response actions.

• Integration & Automation

• Integrate SOAR with SIEM (e.g., Splunk, QRadar), EDR, threat intelligence, and ticketing systems.
• Develop automation scripts using Python, PowerShell, or JavaScript to support custom integrations.

• Incident Response Enablement

• Collaborate with SOC and IR teams to define use cases, automate repetitive tasks, and reduce MTTR.
• Lead root cause analysis and post-incident reviews to improve response strategies.

• Governance & Documentation

• Maintain detailed documentation for playbooks, SOPs, and integration guides.
• Ensure compliance with internal security policies and external regulatory frameworks.

• Mentorship & Knowledge Sharing

• Train SOC analysts and engineers on SOAR capabilities and best practices.
• Act as a subject matter expert during onboarding and platform transitions.

Required Skills & Experience

• 6–10 years in cybersecurity with at least 3 years in SOAR engineering or architecture.
• Hands-on experience with SOAR platforms like Cortex XSOAR, Splunk Phantom, IBM SOAR.
• Strong scripting skills (Python, PowerShell, JavaScript).
• Familiarity with SIEM, EDR, threat intelligence, and ITSM tools.
• Experience in regulated environments (e.g., BFSI, APAC compliance) is a plus.

Mandatory Skills

Security, Threat Intelligence, SOC Operations – SOAR