Security Engineer - SOAR

Watts Water | Andover, MA
7d | $115,000 - $125,000 | Hybrid

About The Position

We’re Watts. Together, we’re reimagining the future of water. We feel proud every day about what we do. We're all part of the same crucial mission, no matter what function we support -- it's to provide safe, clean water for the world, and to protect our planet's most valuable resource.

What we do: For 150 years, Watts has built best-in-class products that are trusted by customers in residential and commercial settings across the world. We are at the forefront of innovation, working with cutting-edge technology to provide smart and connected, sustainable water solutions for the future. Watts is a leading brand with a quality reputation — and we have a dynamic future ahead.

Scope of Position

The Security Engineer – SOAR & Platform Integration will be a core member of our Security Engineering team, primarily responsible for leveraging automation to accelerate our security functions and drive efficient, comprehensive incident management. This role involves the critical tasks of designing, building, and maintaining our SOAR (Security Orchestration, Automation, and Response) platform and contributing to the technical response and automation of security incidents across the enterprise. The successful candidate must be a technical expert, passionate about automation, highly analytical, and able to thrive in a dynamic, high-stakes incident response environment. This role can either be hybrid in our Andover, MA location or remote.

Requirements

  • 5+ years of progressive experience in Cybersecurity Engineering, with a focus on Security Operations and SOAR implementation
  • Bachelor's degree in a technical field required (or combination of education and equivalent practical experience).
  • Deep technical proficiency in designing, implementing, and managing a SOAR platform (e.g., creating custom connectors, writing Python scripts for automation, developing complex playbooks).
  • Solid understanding and hands-on experience with Incident Response methodologies and tools.
  • General familiarity with network security logging concepts (e.g., firewall logs, proxy logs) sufficient to incorporate them into automation workflows.
  • Familiarity with popular Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint) and how to leverage them for automated response.
  • Advanced programming/scripting skills in Python (required for SOAR development) and/or PowerShell/Shell Scripting.
  • Experience integrating security tools using APIs (REST/SOAP).
  • Strong understanding of SIEM solutions (e.g., Splunk, Microsoft Sentinel) and how they feed into SOAR workflows.
  • Excellent analytical, problem-solving, and communication skills.
  • Commitment to Watts’ values of integrity, accountability, continuous improvement and innovation, and transparency.
  • Punctuality and dependability.
  • Ability to be flexible and adapt to changing work priorities and stressful conditions.
  • Adherence to all personnel policies, procedures, and standards of process as implemented by Watts.
  • Maintain productive and collaborative relationships with other Watts employees.
  • Adherence to Watts’ seven cultural beliefs: Growth Mindset, Customer-Focused Innovation, Constant Communication, Clear Goals, Collaborate Globally, Be Inclusive, and Take Action.
  • Ability to remain seated at a desk or workstation for extended periods.
  • Ability to perform repetitive tasks like typing on a keyboard or using a mouse for extended periods.
  • Ability to physically move around the office, organize or transport files, packages, or other office-related materials.
  • Ability to read documents, use a computer, and perform data entry tasks.
  • Ability to communicate clearly with management and coworkers, particularly in meetings or phone calls.
  • Ability to operate standard office equipment such as computers, printers, phones, and copiers.
  • Ability to occasionally lift and carry light objects, such as office supplies, documents, or small equipment.

Nice To Haves

  • Relevant industry certifications (e.g., GCIH, CISSP, Splunk SOAR Certified Automation Developer) are a plus.

Responsibilities

  • Design, develop, and maintain security automation playbooks, workflows, and integrations within the SOAR platform.
  • Lead the technical execution of the Incident Response lifecycle, including detection, analysis, containment, eradication, and recovery for high-priority security incidents.
  • Integrate the SOAR platform with various security tools, including SIEM, EDR, threat intelligence platforms, and log sources, to create end-to-end automated workflows.
  • Proactively identify opportunities for automation to reduce manual tasks, improve the speed and accuracy of threat detection, and streamline security operations.
  • Work with Network and Infrastructure teams to ensure effective logging and data ingestion from network devices (like firewalls) to support automated analysis and response actions.
  • Work closely with the Endpoint Security team to leverage popular endpoint tools for data collection and response actions executed via SOAR.
  • Provide metrics and reporting on automation coverage, playbook success rates, and incident response performance.

Benefits

  • Competitive compensation based on your skills, qualifications and experience
  • Comprehensive medical and dental coverage, retirement benefits
  • Family building benefits, including paid maternity/paternity leave
  • 10 paid holidays and Paid Time Off
  • Continued professional development opportunities and educational reimbursement
  • Additional perks such as fitness reimbursements and employee discount programs