Trivandrum
38 days ago
SOC Specialist I - Cyber Security

Role Proficiency:

Serve as the first point of contact for cyber security incidents escalations and investigation. Work with different teams to improve service provided by SOC to clients around the globe.

Outcomes:

• React to cyber security incident escalations from L1 or the customer within the defined SLA and with proper investigation
• Analyze the L1 processes and create new relevant processes for the service
• Analyze L1 requests for SIEM rule tuning and suggest relevant changes
• Perform trend analysis on collected data (s and incidents) and detection rule coverage
• Provide training for L1 on new technologies and tools
• Work with different teams (SIEM, L1, TAM, etc.) to provide the required service to customers
• Perform review on handled s

Measures of Outcomes:

• Accurate daily review of all s handled by L1
• Reply to escalations on time based on the defined SLA
• Number of false positive detections reduced
• Percentage of threats that are blocked, detected, and reported

Outputs Expected:

Incident advanced investigations:

• Investigate an incident escalated from the previous layer
• Include investigation in the customer's security tools

Review and improve work and processes in the L1 team:

• Perform a daily review of L1 activity (closed and escalated s/incidents) to validate that the investigation is of the required quality and the decisions are correct

Improve SOC detection and monitoring service:

• Analyze the triggered detection rules in the SIEM solution to reduce the false positive rate and improve detection quality

Skill Examples:

• SIEM, IPS, WAF, etc.
• Fast self-learning
• Good analytic skills
• Good soft skills (verbal and written)
• Presentation skills (verbal)
• Programming languages such as C, C#, Python, Perl, Java, PHP, and Ruby on Rails

Knowledge Examples:

• Experience as a SOC analyst or a parallel role in cyber security
• Good knowledge of the cyber security area: understanding attack methods and tools, understanding attack vectors, familiarity with defence methodology, staying updated on current trends in cyber
• Experience in incident guideline definitions

Additional Comments:

Google SOAR Automation Engineer

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively. CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

CyberProof is looking for a skilled Security Automation Engineer with expertise in the Google Security Orchestration, Automation, and Response (SOAR) platform to join our dynamic team and contribute to the development and implementation of cutting-edge automation solutions to enhance our security operations. As an Automation Engineer specializing in Google SecOps SOAR, you will be responsible for designing, developing, and deploying automation solutions to streamline security operations, improve threat detection, and enhance incident response capabilities. You will collaborate closely with security analysts, engineers, architects, clients, and other stakeholders to identify automation opportunities, develop custom integrations, and optimize workflows within the Google SOAR platform.

Responsibilities:

• Design and implement automated workflows and playbooks to streamline and optimize security operations processes.
• Customize and integrate security tools, systems, and processes with Google SecOps SOAR to enhance threat detection and response capabilities.
• Design, develop, implement, and maintain automation scripts, tools, and workflows within Google SOAR to automate routine security tasks, including log analysis, incident triage, and response orchestration.
• Maintain and improve the Google SOAR platform, ensuring its effectiveness and efficiency.
• Collaborate with security analysts to understand their workflow and automate repetitive tasks, allowing them to focus on complex threat analysis.
• Continuously evaluate new security technologies and update automation playbooks accordingly.
• Participate in incident response efforts, providing automation support to accelerate detection, investigation, and remediation.
• Measure and report on the effectiveness of automated processes, making improvements as necessary.
• Provide technical support and troubleshooting assistance for automation-related issues.
• Stay current with the latest cybersecurity trends and emerging technologies in security automation to drive innovation and continuous improvement.
• Document automation processes, procedures, and best practices for knowledge sharing and training purposes.

Requirements:

• Minimum of 3 years of experience in cybersecurity, preferably within a SOC environment.
• Hands-on experience with security incident response and investigation processes.
• Mandatory experience with the Google SecOps SOAR platform or Siemplify – playbook design and implementation.
• Proven hands-on experience in automation development, scripting, and programming languages such as Python, PowerShell, or Bash.
• Strong understanding of cybersecurity principles, technologies, and best practices.
• Experience with security tools and technologies, including SIEM, IDS/IPS, endpoint security solutions, and threat intelligence platforms.
• Strong analytical and problem-solving skills to identify automation opportunities.
• Strong communication and collaboration skills, with the ability to work effectively in a team environment.
• Ability to work independently; self-starter/self-motivated.

Advantages:

• Solid understanding of networking concepts, protocols, and architectures.
• Experience with cloud-based service architecture.
• Experience with ALM tools, especially Jira.
• Relevant information security certifications are a plus.