Infosec SOAR Engineer

POSITION SUMMARY 

Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock.  The Zoetis Tech & Digital (ZTD) Global ERP organization is as a key building block of ZTD comprising of enterprise applications and systems platforms. 

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India. 

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare. 

The Information Security Strategy & Risk Management team at Zoetis ensures a secure strategy through a disciplined process of making colleagues security savvy, driving down residual risk, reducing the attack surface, all while enabling the business. This team is responsible for critical services that strengthen Zoetis' security posture, including protecting sensitive data, identifying and mitigating cyber threats, and seamlessly integrating secure assets during organizational changes. Key functions within the team include Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness, Mergers & Acquisitions Security, and Operational Technology (OT) Security. Through these services, the team empowers the organization to operate securely and efficiently in a dynamic digital environment.  

The SOAR Engineer is responsible for designing, implementing, and maintaining automated security workflows to streamline incident response and threat management within an organization. This role involves integrating various security tools, developing playbooks, and collaborating with security analysts to enhance detection, investigation, and remediation processes. 

POSITION RESPONSIBILITIES  

Percent of Time 

Design, build, and optimize XSOAR playbooks for alert triage, enrichment (Threat Intel, EDR, SIEM), containment, escalation, and reporting. 

Integrate SOAR with SIEM, EDR (CrowdStrike, Threat Intel, ITSM, Identity, Email (M365), and Data Security applications. 

Maintain platform health: monitor performance, review logs, manage integrations, handle upgrades, and troubleshoot failures. 

Implement robust error handling, retries, and circuit breakers within playbooks; ensure idempotent and safe actions. 

Develop and maintain documentation for playbooks, integrations, operational procedures, and release notes. 

Partner with SOC analysts, threat hunters, IR, and IT teams to translate requirements into reliable automation; conduct UAT and stakeholder signoffs. 

Establish version control, testing, and CI/CD practices for playbook code and content (e.g., Git-based workflows) 

Track and report automation KPIs; recommend enhancements based on new SOAR features and operational trends. 100% 

ORGANIZATIONAL RELATIONSHIPS 

Collaborates closely with onshore security teams, including Security Operations, Vulnerability Management, Threat Intelligence, Security Awareness and Data Protection  

Works with cross-functional teams such as Infrastructure, Application Development, and Cloud Engineering to ensure seamless integration and operation of security tools.  

Partners with Identity and Access Management teams to implement and maintain secure access controls.  

Engages with external vendors and service providers to evaluate and integrate third-party security solutions.  

EDUCATION AND EXPERIENCE  

Education: 

University Degree in Computer Science or Information Systems is required.   

MS or advanced identity courses or other applicable certifications is desirable, including Certified Information Systems Security Professional (CISSP)   

Certifications: Palo Alto Networks PCSAE; CISSP or similar; cloud security exposure (AWS/Azure/GCP) 

Experience: 

6-8 years in security automation in SOC environments 

Bachelor's degree in computer science, Information Security, or a related field (or equivalent experience). 

Excellent problem-solving, communication, and documentation skills; ability to work across time zones. 

TECHNICAL SKILLS REQUIREMENTS 

Hands-on experience with Palo Alto Networks Cortex XSOAR and Python scripting for automation/integration 

Familiarity with REST APIs, JSON, webhooks, and secure credential handling; experience building custom integrations/connectors. 

Understanding of SOC processes and incident response lifecycle (triage, containment, eradication, recovery) 

Experience operating in SIEM-centric workflows and integrating case management systems. 

Familiarity with secure coding practices, secrets management (Vault/KMS), and role-based access control in SOAR 

PHYSICAL POSITION REQUIREMENTS  

Regular working hours are from 3:00 AM to 12:00 PM EST. (ICC Second Shift)

Any unsolicited resumes sent to Zoetis from a third party, such as an Agency recruiter, including unsolicited resumes sent to a Zoetis mailing address, fax machine or email address, directly to Zoetis employees, or to Zoetis resume database will be considered Zoetis property. Zoetis will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume.

Zoetis will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor but does not have the appropriate approvals to be engaged on a search.