SOAR Specialist

3 weeks ago


Pune, Maharashtra, India. METRO Global Solutions Center. Full time.

Company Description

Metro Global Solution Center (MGSC) is the internal solution partner for METRO, a EUR 31 billion international wholesaler with operations in more than 30 countries. The store network comprises a total of 623 stores in 21 countries, of which 522 offer out-of-store delivery (OOS), and 94 dedicated depots. In 12 countries, METRO runs only the delivery business through its delivery companies (Food Service Distribution, FSD). HoReCa and Traders are the core customer groups of METRO. The HoReCa section includes hotels, restaurants and catering companies as well as bars, cafes and canteen operators. The Traders section includes small grocery stores and kiosks. The majority of all customer groups are small and medium-sized enterprises as well as sole traders; METRO helps them manage their business challenges more effectively.

MGSC is present in Pune (India), Dusseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT, Strategy and Business Operations support to 31 countries, speak 24 languages and process over 18,000 transactions a day. We are setting tomorrow's standards for customer focus, digital solutions and sustainable business models. For over 10 years we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency and satisfy our customers.

Profile Summary

As a Level 3 SOAR Specialist in the Cyber Defense Operations Center (CDOC), you will lead advanced security operations with a focus on SIEM and SOAR technologies, driving detection engineering, automated response and complex incident handling. You'll be responsible for optimizing detection rules, developing playbooks and managing high-severity incidents from triage to resolution. In parallel, you'll mentor Level 1 and Level 2 analysts, preparing to lead your own team in the future. While EDR remains part of the security stack, your primary emphasis is on engineering activities around SIEM and SOAR to enhance operational efficiency and threat mitigation. This role requires deep technical expertise, leadership potential and a proactive approach to evolving threats.

Responsibilities

- Manage and maintain NG SIEM solutions such as Google Chronicle and CrowdStrike, and support leveraging SOAR capabilities by designing and implementing SOAR playbooks, including the necessary integration and automation.
- Support onboarding and maintenance of a wide variety of data sources, including various OS, appliance and application logs.
- Create custom queries, custom dashboards and visualizations.
- Develop and fine-tune content for the different tools, including but not limited to SIEM use cases, SOAR playbooks, threat intelligence watchlists and rules.
- Select and recommend additional security solutions, or enhance existing ones, to improve overall METRO detection and response capabilities in line with the METRO cyber security strategy.
- Develop appropriate use cases, playbooks, models, reports and alerts; develop custom parsers and connectors for integrating logs wherever necessary.
- Perform analysis on reported incidents, determine the root cause and recommend the appropriate solution.
- Use and apply learnings from incidents and provide recommendations for standardizing the NG SIEM solution.
- Reduce false positives by fine-tuning existing correlation rules, configuration, playbooks and models.
- Automate with continuous improvements: reduce MTTR and MTTD and improve the overall posture of the NG SIEM deployment to achieve the best ROI.
- Ensure the confidentiality, integrity and availability of the data residing on, or transmitted to, from or through, SOC controls.
- Generate reports and documentation on platform performance and continuous-improvement recommendations for management and stakeholders.
- Ensure the SIEM integration is intact among the SOC solutions and with other assets.
- Design, create and customize dashboards and reports as per business needs.
- Create and manage NG SIEM knowledge objects, including apps, dashboards, saved and scheduled searches and alerts.

Qualifications

Experience and Qualification

- Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a related field. A Master's degree or relevant certifications (e.g. CISSP, CISM, SANS GIAC, ECIH, GCIH, CEH, DFIR) may be preferred.
- 7-11 years of total experience in a SOC in a large multi-national organization or in a known MSSP. In addition to a minimum of 8 years of SOC engineering experience, the candidate should possess at least 2 years of experience in incident response.

Technical and Soft Skills

- In-depth knowledge and hands-on experience with SOC technologies and tools such as Google Chronicle (SIEM), CrowdStrike (EDR/EPP), Vectra (NDR), Recorded Future (TI), etc.
- Strong knowledge and skills in scripting and development of automation and orchestration code.
- Strong hands-on experience with various operating systems, networking protocols and application architectures.
- In-depth knowledge of industry standards and frameworks such as MITRE ATT&CK, Magma Framework, NIST CSF, ISO 27001, etc.
- Proficiency in scripting languages (e.g. Python, PowerShell) for automation and analysis.
- Familiarity with security operations center (SOC) operations, incident response, threat detection and vulnerability management.
- Analytical and problem-solving skills to identify and troubleshoot SOC platform technical issues.
- Ability to adapt to changing security threats and evolving business requirements.
- Strong organizational and time-management skills, with the ability to coordinate and prioritize multiple tasks simultaneously.
- Ability to work under pressure, especially during critical security incidents.
- Ability to conduct independent research and analysis, identifying issues, formulating options and making conclusions and recommendations.
- Skilled in developing professional documentation and detailed reporting, including PowerPoint presentations, policies, standards, processes and procedures.
- Very high attention to detail, with strong skills in managing and presenting data and information.
- Demonstrable conceptual, analytical and innovative problem-solving and evaluative skills.
- Excellent communication and interpersonal skills to effectively collaborate with stakeholders and internal teams.


