
Principal Analyst Cyber Security Operations - SOAR

Roles & Responsibilities

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience).
  • 5+ years of experience in automation engineering, SOAR engineering, or DevSecOps.
  • Strong scripting/programming skills (Python required; PowerShell, Go, or NodeJS a plus) and hands-on experience with SOAR platforms, API integrations, REST/JSON workflows, and CI/CD tools (GitHub, GitLab, Azure DevOps).
  • Certifications such as GCSA, GCFA, GCIH, and other scripting/DevOps certifications; experience in hybrid or multi-cloud environments.

Requirements:

  • Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines; automate repetitive security operations and integration of security tools via APIs and scripting.
  • Improve MTTR and reduce operational overhead through intelligent automation; develop KPIs to measure automation impact and lead POCs for new automation platforms including AI-based operations.
  • Develop and maintain enterprise-wide detection content including correlation rules, behavioral analytics, ML-assisted detections, and detection playbooks; tune pipelines with contextual data and maintain ingestion pipelines and event taxonomies across log sources.
  • Mentor analysts and engineers globally; serve as senior escalation point for complex security incidents and investigations; partner with Security Engineering on telemetry strategy and monitoring standards.

Job description

The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies. Annual Rate: $117,700.00 - $196,200.00 for the Waltham, MA location.

Benefit Overview: This position offers a comprehensive benefits package including medical, dental, and vision insurance, a 401(k) with company match, paid time off, parental leave, and potential for performance-based bonuses depending on company and individual performance.

PURPOSE AND SCOPE:  

Fresenius Medical Care’s CSOC seeks a Principal Analyst to lead engineering and development of advanced enterprise-wide detection and threat-analytics capabilities. The role drives security engineering strategy, AI-enhanced detection logic, threat modeling, and continuous tuning across diverse platforms. It also leads SOAR engineering—building automations, integrating security tools, and creating workflows that reduce manual work and speed up response—while partnering closely with Security and Global IT teams.

 

This is a U.S.-based remote position supporting Fresenius Medical Care’s Global Cyber Security Operations Center. 

 

PRINCIPAL DUTIES AND RESPONSIBILITIES:  

  • Lead architecture, development, and maintenance of SOAR playbooks and automation pipelines. 

  • Automate repetitive security operations and security engineering workflows (EDR, VM scanning, SIEM enrichment, IR actions). 

  • Integrate security tools and platforms using APIs, scripting, and microservices. 

  • Improve MTTR and reduce operational overhead through intelligent automation by closely partnering with Security Engineering, IT Operations, and Cloud Teams. 

  • Develop KPIs to measure automation impact and report operational improvements. 

  • Lead POCs for new automation platforms and evaluate opportunities for AI-based operations. 

  • Provide mentorship and code reviews for automation engineers and analysts. 

  • Partner with security engineering on telemetry strategy, logging requirements, and architectural standards for monitoring visibility.  

  • Integrate AI/ML-driven detection capabilities into existing pipelines, validating model performance and reducing false positives.

  • Maintain ingestion pipelines, parsing logic, normalization rules, and event taxonomies across critical log sources: identity, endpoint, cloud, network, application, and medical systems.  

  • Lead the design, implementation, and optimization of enterprise-wide detection content, including correlation rules, behavioral analytics, machine-learning-assisted detections, and anomaly models.

  • Develop detection playbooks and logic focused on lateral movement, credential abuse, insider threats, privilege escalation, cloud compromise, and advanced persistent threats.  

  • Tune, optimize, and enrich detection pipelines with contextual data (identity, asset, threat intelligence, vulnerability data).  

  • Mentor analysts and engineers globally on detection logic development, data analytics, and platform best practices.  

  • Serve as a senior escalation point for complex security incidents and investigations.

 

PHYSICAL DEMANDS AND WORKING CONDITIONS

  • The physical demands and work environment characteristics represent those typically encountered while performing essential duties. Reasonable accommodation may be made as needed. 
    This is a remote role with availability expected during core hours and during escalations as required. 

 

SUPERVISION:  

  • Provides technical leadership and mentorship to threat engineers, automation engineers and security operations analysts globally. Does not directly manage staff. 

 

EDUCATION:  

Minimum

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent professional experience). 

 

EXPERIENCE AND REQUIRED SKILLS  

  • 5+ years in automation engineering, SOAR engineering, or DevSecOps.

  • Strong scripting/programming experience (Python required; PowerShell, Go, or NodeJS a plus).  

  • Hands-on experience with:

      • SOAR platforms (Cortex XSOAR, Splunk SOAR, Microsoft Sentinel automation)

      • API integrations and REST/JSON workflows

      • CI/CD tools (GitHub, GitLab, Azure DevOps)

  • Deep understanding of SOC processes, alerting workflows, and incident response.  

  • Experience integrating EDR, VM, identity, and cloud security tools. 

Preferred: 

  • Experience with AI-driven automation or LLM-assisted workflow design.  

  • Certifications: GCSA, GCFA, GCIH, scripting/DevOps certs.  

  • Experience in hybrid or multi-cloud environments. 

Fresenius Medical Care maintains a drug-free workplace in accordance with applicable federal and state laws.

Fresenius Medical Care is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sexual orientation, gender identity, parental status, national origin, age, disability, military service, or other non-merit-based factors.
