Job Description

Source One is a consulting services company and we’re currently looking for the following individuals to work for an on-demand, autonomous ride-hailing company in Foster City, CA.

** We are unable to work with third party companies or offer visa sponsorship for this role.

Title: SOC Engineer (contract)

Pay Rate: $94.25/hr (W-2)

Hybrid: 3 days/week on-site

Description: SOC Engineers to help enhance the company’s security posture by driving automation and conducting proactive threat hunting. The ideal candidates have a strong InfoSec background with deep experience in SIEM and SOAR platforms, including rule and playbook development, along with proficiency in Python scripting for automation.

There are two positions: One role focused more on the SIEM side (Elastic is what they use, but Splunk ok), and the other role focused more on automation for detection.

As an SOC Engineer, you'll:

- Develop and fine-tune detection and correlation rules, dashboards, and reports within the SIEM to accurately detect anomalous activities.

- Create, manage, and optimize SOAR playbooks to automate incident response processes and streamline security operations.

- Utilize Python scripting to develop custom integrations and automate repetitive tasks within the SOC.

- Build and maintain automation workflows to enhance the efficiency of threat detection, alert triage, and incident response.

- Integrate various security tools and threat intelligence feeds with our SIEM and SOAR platforms using APIs and custom scripts.

- Conduct proactive threat hunting to identify potential security gaps and indicators of compromise.

- Analyze security alerts and data from various sources to identify and respond to potential security incidents.

- Collaborate with Information Security team members and other teams to enhance the overall security of the organization.

- Create and maintain clear and comprehensive documentation for detection rules, automation workflows, and incident response procedures.

Key Responsibilities:

- SIEM and SOAR Platform Management: Maintain our SIEM and SOAR platforms to ensure optimal performance and effectiveness in detecting and responding to security threats. Develop and fine-tune detection and correlation rules, dashboards, and reports within the SIEM to accurately detect anomalous activities. Create, manage, and optimize SOAR playbooks to automate incident response processes and streamline security operations.

- Automation and Scripting: Utilize Python scripting to develop custom integrations and automate repetitive tasks within the SOC. Build and maintain automation workflows to enhance the efficiency of threat detection, alert triage, and incident response. Integrate various security tools and threat intelligence feeds with our SIEM and SOAR platforms using APIs and custom scripts.

- Incident Response and Threat Hunting: Conduct proactive threat hunting to identify potential security gaps and indicators of compromise. Analyze security alerts and data from various sources to identify and respond to potential security incidents.

- Collaboration and Documentation: Collaborate with Information Security team members and other teams to enhance the overall security of the organization. Create and maintain clear and comprehensive documentation for detection rules, automation workflows, and incident response procedures.

Top Skills:

- SIEM: InfoSec background Incident response/threat hunting Rule creation (some query language experience needed)

- SOAR/Automation: Python automation, big data, systems Cortex XSOAR is pretty established - maintaining existing playbooks, logic changes, bug fixes

Required:

- 6+ years of experience in a Security Operations Center (SOC) environment or a similar cybersecurity role

- Hands-on experience with managing and configuring SIEM platforms (e.g., Elastic SIEM, Splunk, QRadar, Microsoft Sentinel)

- Demonstrable experience with SOAR platforms (e.g., Palo Alto Cortex XSOAR, Splunk SOAR) and playbook development

- Proficiency in Python for scripting and automation of security tasks

- Strong understanding of incident response methodologies, threat intelligence, and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST)

- Excellent analytical and problem-solving skills with the ability to work effectively in a fast-paced environment

Preferred:

- Relevant industry certifications such as CISSP, GCIH, or similar

- Experience with cloud security and environmental constructs (AWS, Azure, GCP)

- Familiarity with other scripting languages (e.g., PowerShell, Bash)

- Knowledge of network and endpoint security solutions

Job Tags

Similar Jobs