SOAR developer - Security Orchestration, Automation and Response engineer

Euroclear

United Kingdom

On-site

GBP 60,000 - 80,000

Full time

Today

Job summary

A financial services company in the United Kingdom is seeking a professional to develop and maintain the SOAR platform. The candidate will focus on implementing automations, managing backlog requests, and improving cybersecurity incident responses. Ideal candidates have at least three years in a similar role, expertise in Palo Alto Cortex XSOAR, and strong analytical skills. This position offers a dynamic environment with growth potential.

Qualifications

  • At least 3 years of experience in a similar role.
  • Ability to document playbooks for Palo Alto Networks Cortex XSOAR.
  • Strong knowledge of cybersecurity technologies, protocols, and applications.

Responsibilities

  • Developing, maintaining, and deploying new SOAR content.
  • Automating manual SOC procedures and maintaining playbooks.
  • Collaborating with the incident response team to identify improvement opportunities.

Skills

Palo Alto Cortex XSOAR platform
Python
Incident response
Analytical skills
Problem-solving

Tools

JavaScript
PowerShell

Job description

Division

The Cyber Defense Center is part of the Chief Information Security Officer Office. Its main responsibility is to reduce the cyber threat surface risk for Euroclear by monitoring malicious activities targeting Euroclear’s services, assets, and personnel. This is achieved through Cyber Threat Management (CTM), Security Operations Centre (SOC) including Tier 1 & Tier 2 monitoring, Cyber Incident & Response Team (CIRT; Tier 3), Detection & Response Engineering Team (D&R), and Compliance and Assurance Team (C&A). These teams handle cyber threat intelligence, digital footprint monitoring, security event management, analytics, incident management, and forensic analysis.

The CDC supports security capabilities and acts as a subject matter expert across divisions, engaging with external stakeholders such as customers, oversight bodies, threat intelligence providers, and third parties.

The Detection & Response Engineering team comprises:

  • Detection/System Network Engineers – responsible for threat detection implementation and maintenance.
  • SOAR developers – responsible for developing responses including playbooks and automations.

Role

This role involves developing and maintaining the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform. You will collaborate with the Detection & Response Engineering Manager and work closely with detection engineering, threat detection, and response teams to prioritize, evaluate tradeoffs, and develop high-impact features within the SOAR platform.

The main responsibilities include:

  • Developing, maintaining, and deploying new SOAR content such as custom playbooks, automations, scripts, dashboards, reports, widgets, and API integrations, following Agile practices with CI/CD pipelines.
  • Reducing incident response efforts and improving quality using XSOAR for SOAR functionalities.
  • Automating manual SOC procedures and developing, testing, and maintaining playbooks.
  • Detailing workflows, scripting, and debugging code, using version control for tracking.
  • Using Python or other scripting languages for custom automation development.
  • Ensuring amendments are integrated into existing playbook frameworks accurately.
  • Managing and prioritizing backlog requests for SOAR integrations and automations, balancing defect resolution and new features.
  • Collaborating with the incident response team to identify improvement opportunities.

Qualifications

Technical Skills

  • At least 3 years of experience in a similar role.
  • Expertise in Palo Alto Cortex XSOAR platform.
  • Ability to document playbooks for Palo Alto Networks Cortex XSOAR.
  • Proficiency in Python, with JavaScript and PowerShell as assets.
  • Knowledge of REST, SOAP, WSDL, XML (Web services).
  • Understanding of cybersecurity incident response; experience as Security Incident Responder or SOC analyst is a plus.
  • Strong knowledge of cybersecurity technologies, protocols, and applications.

Soft Skills

  • Strong analytical skills for evaluating complex problems and resolving them quickly, often under stress.
  • Excellent problem-solving, documentation, process execution, time management, and interpersonal skills.
  • Effective communication of complex concepts verbally, in writing, or visually.
  • Passion for working in a startup environment with growth potential.
