SOAR Engineer - Secret - DC Metro (hybrid)

An active Secret clearance (US Citizen) is required prior to consideration for this role. Work is mostly remote but requires someone living in the DC Metro area.

• Automate SOC processes by designing and implementing playbooks in a SOAR platform to reduce manual effort, increase consistency, and accelerate response times.
  
  
• Build and enhance incident response workflows using automation, ensuring they align with real-world analyst needs and security best practices.
  
  
• Collaborate with SOC analysts to identify repetitive tasks and propose targeted automation use cases that improve efficiency and accuracy.
  
  
• Standardize and streamline customer-specific workflows through custom-built SOAR playbooks, driving consistent and scalable response across environments.
  
  
• Develop and maintain reporting dashboards within the SOAR platform to provide visibility into automation performance, incident metrics, and operational KPIs.
  
  
• Integrate SOAR with core SOC tools such as ticketing systems, monitoring platforms, and SIEMs, enabling seamless, end-to-end workflow automation.
  
  
• Automate enrichment and context gathering tasks for alerts, such as domain/IP reputation lookups, user behavior analysis, and threat intelligence correlation.
  
  
• Support ad hoc requests from stakeholders by building custom SOAR actions, playbooks, or detections that address urgent or emerging threats.
  
  
• Maintain and evolve incident response playbooks inside the SOAR platform, ensuring they stay aligned with organizational goals and evolving threat landscapes.
  
  
• Become a trusted advisor on automation strategy by developing an in-depth understanding of the customer's critical assets, systems, and workflows to prioritize impactful automation.
  
  
• Design advanced detection and response playbooks that support proactive monitoring and early warning for high-value targets or potential targeted attacks.
  
  
• Contribute to the broader SOC mission by participating in alert triage and continuous improvement of automated responses, particularly when tuning or adjusting playbook logic based on real-world feedback.

• Minimum 3 years experience in SOC operations supporting incident response and/or detection engineering
• Minimum 1 years experience in building automations in a SOAR platform
• Experience working with structured data (JSON) and REST/SOAP API's
• 1+ years of scripting, Python strongly desired
• DOD 8140.01 - DOD8570.01 M IAT Level II, CSSP Infrastructure
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
• Knowledge of how common protocols and applications work at the network level, including DNS & HTTPS
• Experience using the Linux command line interface (CLI)

• Experience managing or developing detection logic for enterprise SIEM systems
• Experience with exploitation techniques and use case development
• Experience with IOC datasets (e.g., YARA, OpenIOC, STIX)
• Experience deploying to, and leveraging cloud environments (AWS, Azure, GCP) to extend operational capabilities
• Strong knowledge of network monitoring and network exploitation techniques, including the MITRE ATT&CK technique framework and other common attack vectors