Job Title: SOAR Engineer
Location: Chandigarh
Experience: 8+ Years
Employment Type: Full-time
About the role
Join Cywarden as a hands-on SOAR & SIEM Engineer to design, deploy and operate automated security orchestration and advanced detection at scale. You'll implement and own Cortex playbooks and Sentinel content, integrate ticketing and threat-intel pipelines, and accelerate the SOC's ability to detect, investigate, and respond, turning repeat incidents into automated, reliable remediation.
What success looks like
You will deliver a production-ready Cortex XSOAR automation platform, a tuned Microsoft Sentinel detection stack, and a set of robust playbooks and runbooks that reduce MTTR, improve analyst effectiveness, and drive measurable SOC maturity.
Core responsibilities
Phase 1: Deploy & configure SOAR
- Deploy and harden a Cortex XSOAR environment; implement multi-tenant/role-based access, logging, and backup policies.
- Integrate telemetry and tooling: ingest alerts and context from Microsoft Sentinel, Cortex XDR, ticketing systems (ServiceNow/Jira), and threat-intel feeds.
- Develop automated playbooks for common incident types (phishing, malware, brute force, data exfiltration) that perform triage, enrichment, containment, and ticketing.
- Build custom integrations and playbooks using Python and YAML for client-specific workflows and third-party APIs.
- Implement incident classification, enrichment pipelines (threat intel, asset CMDB, user context), and auto-remediation flows where safe.
- Configure case management, SLAs, and automated assignment/notification rules to ensure timely escalations.
- Create war-room templates, collaboration workflows, and analyst handoff mechanisms.
Phase 2: Operate, maintain & evolve
- Maintain playbooks, manage integrations, and respond to evolving use-cases and platform upgrades.
- Implement change-management and testing processes for playbook updates and connector changes.
- Continuously review playbook performance and implement improvements to reduce false positives and automation errors.
- Train SOC analysts on playbook usage, triage automation, and custom integrations.
Microsoft Sentinel & detection engineering
- Architect, deploy and optimize Microsoft Sentinel workspaces, connectors, and data ingestion pipelines.
- Create, test, and tune analytics rules and hunting queries using KQL; maintain watchlists, workbooks, and hunting notebooks.
- Integrate threat-intel platforms and IOCs into detection logic and SOAR playbooks.
- Build automation rules and logic apps that drive triage, enrichment, and automated response actions from Sentinel to XSOAR.
- Proactively hunt for threats using advanced KQL and collaborate with threat intel to operationalize new detections.
Escalation, investigations & collaboration
- Act as Tier 2/3 escalation point for complex investigations; assist L1 analysts with forensic enrichment and response decisions.
- Use endpoint tooling such as Microsoft Defender for Endpoint and network telemetry to validate and contain threats.
- Produce clear incident documentation, playbook runbooks, and SOC dashboards for leadership and audit purposes.
- Mentor junior engineers and analysts on automation best practices, KQL, Python integrations, and incident handling.
Must-have skills & experience
- 8+ years in security engineering, SOC automation, or incident response; 4+ years working with Sentinel or Cortex ecosystems preferred.
- Hands-on experience deploying and operating Cortex XSOAR playbooks (Python/YAML) and managing integrations.
- Strong Microsoft Sentinel capability: KQL authoring, analytics rule creation, workbooks, data connectors, and automation rules.
- Practical experience building Logic Apps or automation that trigger containment actions (isolate host, block IOC, disable accounts).
- Solid scripting skills (Python required; PowerShell/Bash a plus).
- Proven ability to translate SOC use-cases into automation and to validate safe auto-remediation.
- Good understanding of endpoint forensics, EDR workflows, and log sources (endpoints, AD/Entra, cloud, network).
- Excellent documentation skills, clear communicator, and comfortable working in 24/7 shift environments.
Nice-to-have
- Certifications: Palo Alto/Prisma or Cortex XSOAR certifications, Microsoft certifications (SC-200, AZ-500, MS-500).
- Experience integrating XSOAR with ServiceNow/Jira and threat-intel platforms.
- Familiarity with Cribl, Splunk or other log routing/processing tools.
- Experience with purple-team exercises, adversary emulation, or building detection content from threat intelligence.