Lead SOAR Engineer
On-site · Austin, Texas, United States
Job Summary
Lead Security Operations Engineer to design, implement, and lead the SOAR platform. Build and optimize security automation, develop playbooks and integrations with security tools, mentor the security team, collaborate with other security groups, document workflows, and report on program success. Requires 5+ years of SOAR-related experience, strong Python scripting, and hands-on experience with Cortex XSOAR, Tines, or Splunk ES; familiarity with SIEM/EDR and threat intel; knowledge of MITRE ATT&CK and NIST frameworks; certifications such as GCED/GCIH/GMON/CEH are valuable.
Required Qualifications
- 5+ years’ experience as a SOAR Engineer
- Deep expertise in designing, building, and maintaining automated security workflows and playbooks using a SOAR platform to integrate and orchestrate security tools like SIEM, EDR, and threat intelligence platforms
- Analytical Skills: ability to analyze complex security challenges and develop data-driven automation solutions
- Excellent written and verbal communication skills
- Hands-on experience with a leading SOAR platform (Cortex XSOAR, Tines, Splunk ES) and advanced scripting in Python
- Certifications such as GCED, GCIH, GMON, CEH (preferred) or other ISC2/CompTIA certifications
- Scripting Skills: Python, Go, Bash, PowerShell, or JavaScript
- Knowledge of MITRE ATT&CK, NIST frameworks
- Leadership experience: small team or project leadership