
Detection and SOAR Engineer

Google

Hybrid
Full Time
SGD 150,000

Job Overview

Job Title: Detection and SOAR Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: SGD 150,000
Location: Hybrid


Job Description

About The Job

As a Detection and SOAR Engineer at Google Cloud's Mandiant Consulting, you will play a crucial role in enhancing cyber defense capabilities. You'll collaborate with Mandiant Architects, Analysts, and client IT teams to enable the technology and tools essential for effective daily operations within a Cyber Defense Center (CDC).

This involves ensuring the operational readiness of client Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms. Your expertise will be vital in creating robust detection content and automations to streamline daily tasks within the CDC. Additionally, you will configure SIEM, SOAR, and related response technologies to empower client Security Operations Centers (SOCs) with effective incident detection and response.

Mandiant, a part of Google Cloud, is a leader in dynamic cyber defense, threat intelligence, and incident response. Our unparalleled frontline experience and intelligence ensure we are at the forefront of understanding advanced threats.

Minimum qualifications:

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, a related technical field, or equivalent practical experience.
  • 5 years of experience in system administration, engineering, or a related technical role, including experience working with a SOC, CSIRT, or other incident response team.
  • Experience with networking, including TCP/IP protocols and network topology, and scripting languages (PowerShell and Python).
  • Experience configuring and maintaining SIEM and SOAR technologies.

Preferred qualifications:

  • Certifications in one or more of the following: CompTIA Security+ or Network+; Cisco CCNA; ISC2 CISSP; SANS GSEC, GCIH, GCED, GCFA, GCIA, GNFA, or GPEN.
  • Experience with SOAR and its dependencies, managing and maintaining SOAR platforms, as well as integrating APIs into automation playbooks.
  • Experience managing and maintaining EDR, Network Detection and Response (NDR), or other incident response technologies.
  • Experience with SPL, KQL, or similar SIEM query languages, with an understanding of SIEM log flow, aggregation, and forwarding.
  • Understanding of security controls for common platforms and devices, including Linux and network equipment.
  • Ability to simplify and communicate complex ideas.

Responsibilities

  • Identify challenges in customer Cyber Defense Centers (CDCs), formulate improvement strategies, plan their implementation, and execute or oversee the plans to completion.
  • Advise on technologies relied upon by the client CDC, Computer Security Incident Response Team (CSIRT), and SOC.
  • Create and modify SIEM use cases written both in the technology-specific query language and in the Sigma open signature format.
  • Create and modify SOAR playbooks written in Python.
  • Engage and collaborate with client stakeholders and other groups within customer environment to drive resolution for security issues.
  • Provide expertise for SIEM, SOAR and other SOC technologies that assist in incident response.
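The responsibilities above ask for SIEM use cases in Sigma's open signature format and SOAR playbooks written in Python. As an added example (not code from Google, Mandiant, or this posting), the block below shows both pieces end to end: a Sigma-style rule expressed as a Python dict that mirrors the YAML layout, a minimal evaluator for Sigma's selection and condition semantics (contains/startswith/endswith/re modifiers, AND across fields, OR across list values, and/or/not conditions), and a playbook-style triage step that groups hits into one alert per host. The rule, the Sysmon-style process-creation events, the field names, and the triage logic are all constructed assumptions for illustration; a production SOAR would hand the rule to a real Sigma backend or query the SIEM in its native language directly.

```python
"""Minimal Sigma-style detection evaluated over constructed log events,
followed by a playbook-style triage step. Added example; not vendor code."""
import re

# A Sigma rule as a Python dict mirroring the YAML layout (constructed):
# PowerShell launched with an encoded command by a non-allow-listed parent.
RULE = {
    "title": "PowerShell EncodedCommand from Unusual Parent",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-encodedcommand"],
        },
        "filter_parent": {
            "ParentImage|endswith": ["\\sccm_agent.exe", "\\monitoring.exe"],
        },
        "condition": "selection and not filter_parent",
    },
    "level": "high",
}


def _match_value(field_value, modifier, pattern):
    """Apply one Sigma modifier. Sigma string matching is case-insensitive;
    plain-value '*' / '?' wildcards are not implemented here."""
    if field_value is None:
        return False
    hay, needle = str(field_value).lower(), str(pattern).lower()
    if modifier == "contains":
        return needle in hay
    if modifier == "startswith":
        return hay.startswith(needle)
    if modifier == "endswith":
        return hay.endswith(needle)
    if modifier == "re":
        return re.search(str(pattern), str(field_value)) is not None
    return hay == needle  # no modifier: exact (case-insensitive) match


def _match_selection(selection, event):
    """All keys of a selection must match (AND); a list of values is OR."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if not isinstance(patterns, list):
            patterns = [patterns]
        if not any(_match_value(event.get(field), modifier, p) for p in patterns):
            return False
    return True


def _eval_condition(condition, results):
    """Evaluate a Sigma condition such as 'a and not b' or 'a or (b and c)'
    against a dict of selection-name -> bool ('and' binds tighter than 'or')."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "(":
            val = expr()
            take()  # consume ')'
            return val
        if tok == "not":
            return not atom()
        return results[tok]

    def term():
        val = atom()
        while peek() == "and":
            take()
            val = atom() and val
        return val

    def expr():
        val = term()
        while peek() == "or":
            take()
            val = term() or val
        return val

    return expr()


def evaluate(rule, event):
    """Return True if the event fires the rule."""
    det = rule["detection"]
    results = {name: _match_selection(sel, event)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"], results)


def triage(rule, events):
    """Playbook-style step: run the rule over a batch and emit one alert per
    host with the matching events attached (simple deduplication)."""
    alerts = {}
    for ev in events:
        if evaluate(rule, ev):
            host = ev.get("Computer", "unknown")
            alert = alerts.setdefault(host, {"title": rule["title"],
                                             "severity": rule["level"],
                                             "host": host, "events": []})
            alert["events"].append(ev)
    return list(alerts.values())


# Constructed Sysmon-style process-creation events (sample input, not real logs).
EVENTS = [
    {"Computer": "ws01",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgA",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Computer": "ws02",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand ZwBlAHQA",
     "ParentImage": "C:\\Program Files\\Agent\\sccm_agent.exe"},
    {"Computer": "ws01",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for alert in triage(RULE, EVENTS):
        print(alert["severity"], alert["host"], alert["title"], len(alert["events"]))
```

Running the block yields one high-severity alert for ws01: the encoded PowerShell launched from explorer.exe satisfies the selection, the ws02 event is suppressed by the parent-process filter, and the cmd.exe event never matches the selection. The allow-list filter is the part worth getting right in practice: a filter that is too broad (for example matching on a file name an attacker can reuse) silently turns a detection into a blind spot, so each filter entry should be tied to a specific, reviewed source of benign activity.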

Key skills/competency

  • SIEM
  • SOAR
  • Incident Response
  • Detection Engineering
  • Automation
  • Python
  • Cyber Defense Center (CDC)
  • Threat Intelligence
  • Security Operations
  • Network Security

Tags:

Detection and SOAR Engineer
cybersecurity
incident response
SIEM
SOAR
detection engineering
automation
threat intelligence
security operations
playbooks
security solutions
Python
PowerShell
EDR
NDR
Splunk SPL
KQL
Linux
TCP/IP
APIs


How to Get Hired at Google

  • Research Google's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to align your application.
  • Tailor your resume: Customize your resume for the Detection and SOAR Engineer role, highlighting experience with SIEM, SOAR, Python, PowerShell, and incident response.
  • Showcase relevant projects: Detail your practical experience in security automation, detection engineering, SIEM use case development, and resolving complex security issues.
  • Prepare for technical interviews: Expect deep dives into SOAR platform integration, SIEM query languages (SPL, KQL), networking protocols, and advanced cybersecurity principles.
  • Demonstrate collaboration skills: Google highly values teamwork; prepare examples of successful cross-functional projects and client stakeholder engagement.
