Security Engineer - SOAR

Description

• Design, develop, and maintain security automation playbooks, workflows, and integrations within the SOAR platform.
• Proactively identify opportunities for automation to reduce manual tasks, improve the speed and accuracy of threat detection, and streamline security operations.
• Provide metrics and reporting on automation coverage, playbook success rates, and incident response performance.
• Work with Network and Infrastructure teams to ensure effective logging and data ingestion from network devices (like firewalls) to support automated analysis and response actions.
• Lead the technical execution of the Incident Response lifecycle, including detection, analysis, containment, eradication, and recovery for high-priority security incidents.
• Work closely with the Endpoint Security team to leverage popular endpoint tools for data collection and response actions executed via SOAR.
• Maintain productive and collaborative relationships with other Watts employees.
• Integrate the SOAR platform with various security tools, including SIEM, EDR, threat intelligence platforms, and log sources, to create end-to-end automated workflows.

Requirements

• Ability to occasionally lift and carry light objects, such as office supplies, documents, or small equipment.
• Advanced programming/scripting skills in Python (required for SOAR development) and/or PowerShell/Shell Scripting.
• Solid understanding and hands-on experience with Incident Response methodologies and tools.
• Ability to read documents, use a computer, and perform data entry tasks.
• Adherence to all personnel policies, procedures, and standards of process as implemented by Watts.
• Ability to communicate clearly with management and coworkers, particularly in meetings or phone calls.
• Ability to be flexible and adapt to changing work priorities and stressful conditions.
• Ability to perform repetitive tasks like typing on a keyboard or using a mouse for extended periods.
• Strong understanding of SIEM solutions (e.g., Splunk, Microsoft Sentinel) and how they feed into SOAR workflows.
• Deep technical proficiency in designing, implementing, and managing a SOAR platform (e.g., creating custom connectors, writing Python scripts for automation, developing complex playbooks).
• Ability to operate standard office equipment such as computers, printers, phones, and copiers.
• Punctuality and dependability.
• Familiarity with popular Endpoint Detection and Response (EDR) tools (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint) and how to leverage them for automated response.
• Experience integrating security tools using APIs (REST/SOAP).
• Relevant industry certifications (e.g., GCIH, CISSP, Splunk SOAR Certified Automation Developer) are a plus.
• Ability to physically move around the office, organize or transport files, packages, or other office-related materials.
• Ability to remain seated at a desk or workstation for extended periods.
• General familiarity with network security logging concepts (e.g., firewall logs, proxy logs) sufficient to incorporate them into automation workflows.
• Bachelor's degree in a technical field required (or combination of education and equivalent practical experience).
• Excellent analytical, problem-solving, and communication skills.
• 5+ years of progressive experience in Cybersecurity Engineering, with a focus on Security Operations and SOAR implementation

Benefits

• Additional perks such as fitness reimbursements and employee discount programs
• Competitive compensation based on your skills, qualifications and experience
• 10 paid holidays and Paid Time Off
• Comprehensive medical and dental coverage, retirement benefits
• Family building benefits, including paid maternity/paternity leave
• Continued professional development opportunities and educational reimbursement

Training + Development

Interview process

Visa Sponsorship

Security clearance