SOAR Engineer

Summary

Join GuidePoint Security as a Security Automation Engineer and leverage your expertise in SOAR platforms to automate SOC processes, enhance incident response workflows, and improve overall efficiency. You will collaborate with SOC analysts, standardize customer workflows, and develop reporting dashboards. Responsibilities include integrating SOAR with core SOC tools, automating enrichment tasks, and supporting ad hoc requests. This role requires a minimum of 3 years of SOC operations experience, 1 year of SOAR automation experience, and proficiency in structured data and APIs. A Top Secret clearance (US Citizen) is required. GuidePoint offers a remote-work environment, comprehensive health insurance, dental insurance, paid time off, and other benefits.

Requirements

• Minimum 3 years experience in SOC operations supporting incident response and/or detection engineering
• Minimum 1 years experience in building automations in a SOAR platform
• Experience working with structured data (JSON) and REST/SOAP API's
• 1+ years of scripting, Python strongly desired
• DOD 8140.01 – DOD8570.01 M IAT Level II, CSSP Infrastructure
• Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
• Knowledge of how common protocols and applications work at the network level, including DNS & HTTPS
• Experience using the Linux command line interface (CLI)
• An active Top Secret clearance (US Citizen) is required prior to consideration for this role

Responsibilities

• Automate SOC processes by designing and implementing playbooks in a SOAR platform to reduce manual effort, increase consistency, and accelerate response times
• Build and enhance incident response workflows using automation , ensuring they align with real-world analyst needs and security best practices
• Collaborate with SOC analysts to identify repetitive tasks and propose targeted automation use cases that improve efficiency and accuracy
• Standardize and streamline customer-specific workflows through custom-built SOAR playbooks , driving consistent and scalable response across environments
• Develop and maintain reporting dashboards within the SOAR platform to provide visibility into automation performance, incident metrics, and operational KPIs
• Integrate SOAR with core SOC tools such as ticketing systems, monitoring platforms, and SIEMs , enabling seamless, end-to-end workflow automation
• Automate enrichment and context gathering tasks for alerts , such as domain/IP reputation lookups, user behavior analysis, and threat intelligence correlation
• Support ad hoc requests from stakeholders by building custom SOAR actions, playbooks, or detections that address urgent or emerging threats
• Maintain and evolve incident response playbooks inside the SOAR platform , ensuring they stay aligned with organizational goals and evolving threat landscapes
• Become a trusted advisor on automation strategy by developing an in-depth understanding of the customer's critical assets, systems, and workflows to prioritize impactful automation
• Design advanced detection and response playbooks that support proactive monitoring and early warning for high-value targets or potential targeted attacks
• Contribute to the broader SOC mission by participating in alert triage and continuous improvement of automated responses , particularly when tuning or adjusting playbook logic based on real-world feedback

Preferred Qualifications

• Experience managing or developing detection logic for enterprise SIEM systems
• Experience with exploitation techniques and use case development
• Experience with IOC datasets (e.g., YARA, OpenIOC, STIX)
• Experience deploying to, and leveraging cloud environments (AWS, Azure, GCP) to extend operational capabilities
• Strong knowledge of network monitoring and network exploitation techniques, including the MITRE ATT&CK technique framework and other common attack vectors

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option