SIEM/SOAR Engineer

Company: IDBank CJSC
Category: IT
Job Address: Yerevan, Armenia
Application Deadline: 16/01/2026
Responsibilities
- SOAR / Automation
- Design and build automated response playbooks/workflows in the SOAR platform (enrichment, ticketing, containment, notifications)
- Integrate SOAR with SIEM, EDR, ticketing/ITSM, threat intel feeds, email gateways, and network/security devices
- Convert manual SOC runbooks into automated sequences to reduce MTTR
- Write and maintain scripts in JavaScript, Python, Bash, and Windows Batch to: parse and transform logs, pull/push data via REST APIs, automate onboarding of new sources
- Build small helper tools for the SOC team to speed up investigation and enrichment
Required Qualifications
- 3+ years of experience in Information Security / Information Technology / SOC / Cybersecurity Operations / Development Operations
- Hands-on experience with at least one enterprise SIEM platform (e.g. Splunk, Elastic SIEM, Microsoft Sentinel, ArcSight, Wazuh, etc.)
- Experience with at least one SOAR platform (native SIEM SOAR, Cortex XSOAR, IBM SOAR, Splunk SOAR/Phantom, ArcSight or similar) or Ansible
- Strong scripting skills: JavaScript for SIEM/SOAR apps, JSON manipulation, API calls; Python for integrations, enrichment scripts, automation tasks; Bash for Linux-based log collection and preprocessing; Batch/PowerShell basics for Windows-based log tasks and agents
- Solid understanding of log formats (syslog, JSON, CEF, LEEF), parsing, field extraction, normalization, and enrichment
- Good knowledge of TCP/IP, HTTP/S, DNS, authentication (AD/LDAP/Kerberos) from a logging/security perspective
- Ability to work with REST APIs for security tools integration
- Good to have documentation skills
- Experience creating detection content/use cases (MITRE ATT&CK mapping)
- Experience integrating threat intelligence feeds and automating enrichment
- Familiarity with ITSM/ticketing systems (ServiceNow, Jira, ManageEngine, etc.)
- Experience in high-availability SIEM setups and log collection architectures
- Security certifications (e.g. CyberOps Associate, SC-200, Splunk Core Certified Power User, QRadar, Sentinel, CySA+, SSCP) are a plus
- Analytical mindset and attention to log/data quality
- Ability to translate SOC needs into technical automation
- Comfortable working with infrastructure and application teams
- Proactive, able to work in an Information Security environment with multiple parallel tasks
Application Procedures
Apply here: https://idbank.bamboohr.com/careers/201
Please mention in your application that you have learned about this position from MyJob.am.