Principal Security Engineer (SOAR)

First American Financial Corp.

Santa Ana (CA)

Hybrid

USD 166,000 - 223,000

Full time

Yesterday

Job summary

A leading company in Santa Ana seeks a Principal Security Engineer to enhance Security Operations Center initiatives through SOAR solutions. The role involves designing workflows, automating tasks, and collaborating with SOC analysts to optimize incident response. Candidates should possess extensive experience in information security and SOAR technologies, along with strong scripting skills. The position offers a hybrid work environment with a competitive salary range.

Benefits

Comprehensive benefits package
401k
Employee stock purchase plan

Qualifications

  • 7+ years of experience in information security in a SOC.
  • 5+ years of hands-on experience with SOAR technologies.

Responsibilities

  • Lead design and implementation of SOAR playbooks and workflows.
  • Automate SOC processes to improve efficiency and response times.

Skills

Incident Response
Collaboration
Automation
Scripting

Education

Bachelor’s degree in Computer Science

Tools

SOAR technologies
SIEM solutions

Job description

Who We Are

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for ten consecutive years. We have also earned awards as a best place to work for women, diversity, and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

The Principal Security Engineer is responsible for leading the development and application of security orchestration, automation, and response (SOAR) solutions that enable the success of Security Operations Center (SOC) initiatives. This role requires deep, expert-level technical experience automating SOC workflows. The Principal Security Engineer primarily interfaces with the SOC as well as other teams within Information Security. The role involves designing, implementing, and maintaining SOAR workflows to improve SOC efficiency, creating playbooks, integrating security tools, automating repetitive tasks, and collaborating with SOC analysts and IT teams to optimize incident response. Additionally, the Principal Security Engineer leads the SOC’s security automation architecture and strategic roadmap, develops metrics to measure program maturity and value, and supports the overall security operations and threat management capabilities. This position is hybrid, requiring three days onsite in Santa Ana, CA.

What You'll Do:

  • Lead the design, development, and implementation of SOAR playbooks and workflows.
  • Investigate, recommend, evaluate, deploy, and integrate security tools and systems with the SOAR platform to enhance protection of corporate assets.
  • Automate repetitive SOC processes to improve efficiency and response times.
  • Collaborate with SOC analysts to understand operational requirements and tailor automation solutions.
  • Monitor and maintain the SOAR platform to ensure optimal performance and uptime.
  • Develop test plans and conduct rigorous testing and validation of playbooks.
  • Provide technical expertise and troubleshooting for SOAR-related issues.
  • Document playbooks, workflows, and integrations thoroughly for SOC reference.
  • Stay updated on advancements in SOAR platforms, cybersecurity threats, and best practices.
  • Monitor, report, and resolve security-related problems and discrepancies.
  • Participate as a member of the Information Security Incident Response Team.
  • Participate in cybersecurity incident investigations.
  • Perform duties outside of normal work hours as needed.

What You'll Bring:

  • 7+ years of experience in information security working in a SOC.
  • 5+ years of hands-on experience with SOAR technologies and SOC tools.
  • Relevant licenses or certifications such as CISSP, GCIH, GIAC, or SOAR-specific credentials.
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent work experience.
  • Hands-on knowledge of SOAR platforms and integrating security tools.
  • Strong understanding of incident response, security tools, and cybersecurity frameworks.
  • Proficiency in scripting languages like Python or JavaScript for automation.
  • Experience with APIs and system integrations for security tools.
  • Experience with SIEM solutions and threat intelligence platforms.
  • Knowledge of IT infrastructure and network security.
  • Experience in implementing security technologies and managing vendor relationships.
  • Ability to define security strategy and integrate security into corporate frameworks.
  • Strong communication and collaboration skills.

Pay Range: $166,800.00 - $222,300.00 annually

This range is an estimate based on various factors including experience, skills, and location.

Additional Notes

Applicants in unincorporated areas of Los Angeles County will be considered in accordance with local laws. First American conducts criminal history reviews in connection with job offers, especially for roles involving handling confidential information or financial transactions.

What We Offer

We embrace individuality and support diversity, equity, and inclusion. Our culture celebrates authenticity and inclusiveness. We offer a comprehensive benefits package including medical, dental, vision, 401k, PTO, and other benefits like an employee stock purchase plan.
