SOAR/SIEM Administrator - Security Platform

Job Purpose/Summary :
- Evaluate and enhance the performance of SIEM/SOAR systems to ensure optimal threat detection and incident response.- Develop and maintain automation scripts and playbooks to streamline incident detection, analysis, and response processes. Leverage SOAR capabilities to reduce manual intervention and improve response times.
- Oversee the day-to-day administration of SIEM/SOAR platforms, ensuring their availability, reliability, and security. Perform regular updates, patches, and configuration changes.- Collaborate with the Incident Response team to ensure seamless integration of detection and response functions. Provide support during security incidents to ensure timely and effective remediation.- Work closely with other IT and security teams to develop specific use cases and to enhance the overall security posture of the organization. Share insights and recommendations to improve overall cybersecurity posture.- Maintain detailed documentation of automation, scripts, and improvement.- Manage execution of standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/SOAR platforms.- Manage technical documentation around the content deployed to the SIEM/SOAR.- Manage reports, dashboards, metrics for CyberSOC KPIs and presentation to senior management & other stakeholders.Qualification:
- Bachelor's degree in Computer Science, Information Security, EXTC or related field.- Relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are highly desirable.- Proven experience (3+ years) working within the Cybersecurity field, with a focus on security platform implementation & administration.- Experience with deploying and managing a large SIEM/SOAR environment.- Experience with Palo Alto XDR and/or other SIEM platforms like Sentinel, Qradar, Splunk, ArcSight, etc.- Experience with Palo Alto XSOAR and/or equivalent SOAR Platforms like Resilient, Phantom, etc.- Proficiency in scripting languages (e.g., Python, Bash) for automation and customization of security processes is highly desirable.