SOAR Engineer

Date: 18-Nov-2021

Location: Singapore, SG

Company: ST Engineering Group

This role is focused on managing the Security Orchestration, Automation and Response platform used to automate the incident detection and response to cyber security threats and alerts. This person will have the opportunity to work on technology and processes with a global reach and is an integral part of the security controls that ST Engineering uses to protect its data and intellectual property.

To be successful you will need to demonstrate the skills and aptitude to understand and support the complex systems and processes that enable the delivery of our world-class services. The position also requires the ability to work with a variety of different groups; to communicate effectively, both electronically and in person; to drive a problem to resolution, or to know when to escalate and seek assistance; and to work both independently and as part of a team. Keen attention to detail and follow-through on work items are essential.

Responsibilities:

  • Work with the SOC team to design new automation or improve existing automation, and ensure compatibility with existing integrations
  • Assess and improve current SOC processes and workflows, focusing on integrating automation through the SOAR platform and other tools and technologies
  • Design and build playbooks to ensure triage and response activities are executed properly, reducing the time needed to analyse and react to an incident
  • Integrate new data sources, and develop scripts when required to automate detection and workflows
  • Conduct detailed and comprehensive reviews of SOC alert statistics to measure the efficiency of the workflows and reduce false positives
  • Work with the SOC team on the SIEM infrastructure to improve detection accuracy, flexibility and reliability, with a focus on ensuring quality inputs into the SOAR
  • Design and build practical SOAR dashboards that give SOC analysts a comprehensive point-in-time and trending view of logs and alerts
  • Own the SOAR platform and mature SOC playbooks, automations and use cases
  • Identify opportunities to improve processes and/or tools to ensure the highest level of quality, including documentation, mentoring and training sessions
  • Participate in the development of new SIEM rules and analytics stories
  • This is a new role: the candidate is expected to set up, design and formulate the supporting documents surrounding the operation of the SOAR platform, establish a framework of processes and procedures for its day-to-day operation, and drive continuous improvement for the team
  • Assist in any ad-hoc tasks when necessary
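As an added illustration of the playbook and alert-statistics work the responsibilities above describe (this is example code written for this page, not code from the original posting or from ST Engineering), the Python sketch below normalises alerts from two sources into one schema, deduplicates repeats within a time window, suppresses an allowlisted scanner, assigns a triage action, and computes a per-rule false-positive rate from analyst dispositions so that noisy rules can be identified for tuning. The source names, field names, signature mapping, allowlist and sample alerts are all constructed assumptions.

```python
"""Minimal SOAR-style triage playbook over constructed sample alerts."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input (not real telemetry): a SIEM alert and an IDS alert
# for the same SSH brute-force event, a repeat of the SIEM alert 100 s later,
# an IDS alert caused by an internal scanner, and one high-severity SIEM alert.
RAW_ALERTS = [
    {"source": "siem", "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "host": "web01", "ts": 1700000000},
    {"source": "ids", "signature": "ET SCAN SSH BruteForce", "src": "203.0.113.7", "dst": "web01", "time": 1700000030},
    {"source": "siem", "rule": "brute_force_ssh", "src_ip": "203.0.113.7", "host": "web01", "ts": 1700000100},
    {"source": "ids", "signature": "ET SCAN Nmap", "src": "10.0.0.5", "dst": "db01", "time": 1700000200},
    {"source": "siem", "rule": "impossible_travel", "src_ip": "198.51.100.9", "host": "alice", "ts": 1700000300},
]

# Hypothetical allowlist of approved internal vulnerability scanners.
APPROVED_SCANNERS = {"10.0.0.5"}

# Hypothetical mapping of IDS signature names onto the rule names the SIEM uses,
# so both feeds collapse onto one key for deduplication and statistics.
IDS_SIGNATURE_TO_RULE = {"ET SCAN SSH BruteForce": "brute_force_ssh", "ET SCAN Nmap": "port_scan"}

# Hypothetical severity assignment per normalised rule.
RULE_SEVERITY = {"brute_force_ssh": "medium", "impossible_travel": "high", "port_scan": "low"}


@dataclass(frozen=True)
class Alert:
    rule: str
    src_ip: str
    target: str
    ts: int


def normalise(raw):
    """Map a source-specific alert dict onto the common Alert schema."""
    if raw["source"] == "siem":
        return Alert(raw["rule"], raw["src_ip"], raw["host"], raw["ts"])
    if raw["source"] == "ids":
        rule = IDS_SIGNATURE_TO_RULE.get(raw["signature"], raw["signature"])
        return Alert(rule, raw["src"], raw["dst"], raw["time"])
    raise ValueError(f"unknown alert source {raw['source']!r}")


def dedupe(alerts, window=300):
    """Keep the first alert per (rule, src, target); drop repeats within `window` seconds.

    The window is anchored on the first kept alert, so a steady stream of
    repeats does not extend the suppression indefinitely.
    """
    first_seen = {}
    kept = []
    for alert in sorted(alerts, key=lambda a: a.ts):
        key = (alert.rule, alert.src_ip, alert.target)
        if key in first_seen and alert.ts - first_seen[key] <= window:
            continue
        first_seen[key] = alert.ts
        kept.append(alert)
    return kept


def triage(raw_alerts):
    """Run the playbook: normalise, dedupe, enrich, and assign an action per incident."""
    incidents = []
    for alert in dedupe(normalise(r) for r in raw_alerts):
        severity = RULE_SEVERITY.get(alert.rule, "unknown")
        if alert.src_ip in APPROVED_SCANNERS:
            action = "suppress"          # known-benign source, closes automatically
        elif severity == "high":
            action = "escalate"          # page the on-call responder
        else:
            action = "analyst_review"    # queue for a human decision
        incidents.append({"rule": alert.rule, "src_ip": alert.src_ip,
                          "target": alert.target, "severity": severity, "action": action})
    return incidents


# Constructed analyst dispositions (rule, verdict) as they might be exported from a case system.
SAMPLE_DISPOSITIONS = [
    ("brute_force_ssh", "false_positive"), ("brute_force_ssh", "false_positive"),
    ("brute_force_ssh", "false_positive"), ("brute_force_ssh", "true_positive"),
    ("impossible_travel", "true_positive"), ("impossible_travel", "true_positive"),
]


def false_positive_rate(dispositions):
    """Return {rule: fraction of closed cases the analysts marked false_positive}."""
    counts = defaultdict(lambda: {"false_positive": 0, "true_positive": 0})
    for rule, verdict in dispositions:
        counts[rule][verdict] += 1
    return {rule: c["false_positive"] / (c["false_positive"] + c["true_positive"])
            for rule, c in counts.items()}


def noisy_rules(fpr, threshold=0.5):
    """Rules whose false-positive rate exceeds `threshold`, worst first: candidates for tuning."""
    return sorted((r for r, v in fpr.items() if v > threshold), key=lambda r: -fpr[r])


if __name__ == "__main__":
    for incident in triage(RAW_ALERTS):
        print(incident)
    rates = false_positive_rate(SAMPLE_DISPOSITIONS)
    print("false-positive rate per rule:", rates)
    print("rules to tune:", noisy_rules(rates))
```

On the constructed input the three raw alerts for the SSH brute force collapse into one incident queued for analyst review, the internal scanner is suppressed, and the impossible-travel alert escalates; the disposition data flags `brute_force_ssh` (75% false positives) as the rule to tune first. In a real deployment the allowlist, severity map and dispositions would come from the SOAR platform's own data stores rather than module constants.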

Requirements / Qualifications:

  • 2+ years working experience on Security Orchestration, Automation and Response tools and technologies, preferably in a SOC environment
  • 2+ years of experience with common security operations systems: Intrusion Detection/Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) systems, anti-virus log collection systems, etc.
  • 2+ years of experience with the Python scripting language for automation
  • Experience with a wide variety of security logs to detect and resolve security issues
  • Strong problem resolution, judgment and decision making skills
  • Fosters proactive and cooperative relationships within own team and other individuals/groups that interface with the team
  • Excellent interpersonal and group dynamic skills
  • Ability to deal with the ambiguity associated with working in a fast paced and changing environment
  • Excellent written and oral communication skills
  • Experience with security events, including participation in the response to large-scale breaches, and the ability to identify themes and trends in large datasets
  • Degree or Diploma in Computer Science, IS, or related field or three years of equivalent experience
  • Open to Singaporeans only

Highly Preferred:

  • Understanding of, or exposure to, multiple programming and scripting languages is a plus
  • Experience in developing correlations between disparate event sources and databases
  • Understanding of threat actor tactics, techniques and procedures in both the pre- and post-exploitation phases of the attack lifecycle
  • Experience using Python to automate security operations and incident response processes
  • Strong understanding of security architecture, tool integration, API development and automation
  • Deep understanding of incident response processes
  • Thorough, hands-on familiarity with common SOC and SOAR processes and workflows