Security Consultant (SOAR) - Contract - Columbia, SC Remote

About The Position

Requirements

• 5+ years of experience with SOAR platforms or security automation solutions
• 5+ years of experience supporting large enterprise IT environments or system deployments
• Strong hands-on experience with automation platform design, implementation, and administration
• Experience with Rest API's, JSON, and YAML
• Experience with scripting and automation (Python, Bash, PowerShell, or similar)
• Familiarity with MITRE ATT & CK framework
• Experience working in multi-tenancy environment; multi-agency or enterprise service projects
• 8+ years of experience in security architecture may be substituted in lieu of education

Nice To Haves

• Hands-on experience with Cortex XSOAR
• Experience developing advanced security automation playbooks
• Knowledge of SIEM, EDR, and threat intelligence integrations
• Experience supporting enterprise incident response and SOC operations
• Experience creating dashboards and operational reporting
• Prior experience in public sector, multi-agency, or large enterprise service environments
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CISM or equivalent advanced security certification
• CEH, OSCP, GPEN, or similar cybersecurity certifications
• Vendor-specific certifications in SOAR or automation platforms

Responsibilities

• SOAR Platform Engineering & Administration: Design, develop, implement, and maintain automation workflows within the enterprise SOAR platform. Build and optimize security orchestration playbooks for incident detection, triage, investigation, and response. Continuously improve existing automations to enhance efficiency, scalability, and response times. Administer and maintain SOAR platform configurations, workflows, and integrations.
• Automation Development & Optimization: Develop automated response workflows for security alerts and incidents. Create logic-driven playbooks to reduce manual intervention and accelerate remediation. Identify opportunities to automate repetitive security operations tasks. Optimize existing automation processes for performance, reliability, and operational effectiveness.
• Integration Engineering: Build and maintain integrations between the SOAR platform and enterprise security tools, including SIEM platforms, Endpoint Detection and Response (EDR) solutions, Firewalls, Threat intelligence platforms, and Ticketing and case management systems. Develop and maintain API-based integrations with internal and external systems.
• Custom Scripting & Development: Develop custom scripts and connectors when out-of-the-box integrations do not meet business requirements. Utilize scripting languages such as Python, PowerShell, or Bash to extend SOAR functionality. Create reusable automation modules and supporting utilities. Ensure code quality, maintainability, and adherence to security best practices.
• Security Operations Support: Collaborate with Security Operations Center (SOC), Incident Response (IR), and Engineering teams. Support incident investigation, response, and remediation activities through automation. Enhance security monitoring and response capabilities through improved workflows. Assist in operationalizing new security use cases and response procedures.
• Documentation & Knowledge Management: Develop and maintain comprehensive documentation for Playbooks, Runbooks, Integration configurations, Troubleshooting procedures, and Standard operating procedures. Ensure documentation is current, accurate, and accessible.
• Stakeholder Engagement & Collaboration: Engage directly with internal teams and external stakeholders to understand requirements. Support adoption of centralized security services across multiple organizations or agencies. Provide technical guidance, training, and best practices related to SOAR capabilities. Deliver excellent customer service and communication in stakeholder-facing interactions.
• Reporting & Dashboard Development: Design and maintain operational dashboards and reporting metrics. Develop reports to measure automation effectiveness, incident response improvements, and platform utilization. Provide insights into security operations performance and trends.