SOAR Engineer/Analyst (Security Orchestration, Automation, and Response)
Duration: 12 months contract
Pay: £360.26/day PAYE or £495.15/day via umbrella
Location: Remote (UK)
Role Purpose
The SOAR Engineer/Analyst is responsible for designing, developing, implementing, and maintaining automation playbooks to improve incident response efficiency within the Security Operations Centre. This role integrates multiple security tools and workflows, leveraging platforms like, Darktrace, and CrowdStrike to create cohesive and automated threat detection and response mechanisms.
Key Responsibilities
* Playbook Development: Design, implement, and maintain SOAR playbooks for automated response and alert enrichment.
* Tool Integration: Develop and manage integrations with:
* Google SecOps (Chronicle, Security Command Center)
* Darktrace (Threat Visualizer, Antigena)
* CrowdStrike Falcon (EDR, threat intelligence, APIs)
* Other security platforms such as SIEMs, ticketing systems, and firewalls.
* Automation & Enrichment: Automate repetitive security tasks like indicator enrichment, triage, and threat intelligence lookups.
* Collaboration: Work with SOC analysts and threat detection teams to identify and implement automation opportunities.
* Monitoring & Optimization: Continuously evaluate the effectiveness of SOAR playbooks and integrations; fine-tune for performance and accuracy.
* Documentation: Maintain up-to-date technical documentation for SOAR workflows and integrations.
* Support & Enablement: Train SOC team members on playbook usage and ensure smooth adoption of automated workflows.
* Compliance Alignment: Ensure that automation efforts align with compliance, audit, and organizational policies.
Required Skills & Qualifications
* Bachelor's degree in Computer Science, Cybersecurity, or related discipline, or equivalent hands-on experience.
* 2–5 years of experience in security operations or security engineering.
* Hands-on experience with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR, IBM Resilient).
* Strong familiarity with:
* Google SecOps/Chronicle
* Darktrace (AI-based threat detection)
* CrowdStrike Falcon platform
* Scripting experience in Python, PowerShell, or Bash.
* Experience with REST APIs and JSON for tool integration.
* Working knowledge of incident response frameworks and MITRE ATT&CK.
* Strong problem-solving, critical thinking, and communication skills.
Desirable Qualifications
* Experience with CI/CD for playbook development and version control (e.g., Git).
* Familiarity with other SOC tools (e.g., ServiceNow, Jira, Splunk, Elastic, SentinelOne).
* Security certifications such as:
* SOAR-specific certifications (e.g., Cortex XSOAR Certified Engineer)
* CrowdStrike Certified Falcon Responder
* Google Cybersecurity Certificate
* General security certs (e.g., CySA+, GCIH, CISSP)