Security Consultant (SOAR) - Contract - Columbia, SC Remote

Security Consultant (SOAR)

Location: Remote

Interview Process: 1 round, Virtual/Online - potential for a 2nd round onsite as needed

Duration: 12 Months
Employment Type: Contract
Experience Required: 08+ Years

Candidate Location: No SC residency required. Open to nationwide candidates. 

Project Scope:

Seeking an experienced Security Consultant to serve as a Security Orchestration, Automation, and Response (SOAR) Engineer within an enterprise Information Security organization. This role will focus on designing, developing, and optimizing security automation workflows, playbooks, and integrations across the enterprise security ecosystem.

The consultant will be responsible for enhancing the organization's SOAR platform capabilities by automating security operations, improving incident response efficiency, and integrating security tools such as SIEM, EDR, firewalls, and other security technologies. This role will also collaborate closely with internal security teams and external stakeholders to drive adoption of centralized security services and improve operational effectiveness.

Key Responsibilities:

SOAR Platform Engineering & Administration

• Design, develop, implement, and maintain automation workflows within the enterprise SOAR platform
  
• Build and optimize security orchestration playbooks for incident detection, triage, investigation, and response
  
• Continuously improve existing automations to enhance efficiency, scalability, and response times
  
• Administer and maintain SOAR platform configurations, workflows, and integrations
  

Automation Development & Optimization

• Develop automated response workflows for security alerts and incidents
  
• Create logic-driven playbooks to reduce manual intervention and accelerate remediation
  
• Identify opportunities to automate repetitive security operations tasks
  
• Optimize existing automation processes for performance, reliability, and operational effectiveness
  

Integration Engineering

• Build and maintain integrations between the SOAR platform and enterprise security tools, including:
  
• SIEM platforms
  
• Endpoint Detection and Response (EDR) solutions
  
• Firewalls
  
• Threat intelligence platforms
  
• Ticketing and case management systems
  
• Develop and maintain API-based integrations with internal and external systems
  

Custom Scripting & Development

• Develop custom scripts and connectors when out-of-the-box integrations do not meet business requirements
  
• Utilize scripting languages such as Python, PowerShell, or Bash to extend SOAR functionality
  
• Create reusable automation modules and supporting utilities
  
• Ensure code quality, maintainability, and adherence to security best practices
  

Security Operations Support

• Collaborate with Security Operations Center (SOC), Incident Response (IR), and Engineering teams
  
• Support incident investigation, response, and remediation activities through automation
  
• Enhance security monitoring and response capabilities through improved workflows
  
• Assist in operationalizing new security use cases and response procedures
  

Documentation & Knowledge Management

• Develop and maintain comprehensive documentation for:
  
• Playbooks
  
• Runbooks
  
• Integration configurations
  
• Troubleshooting procedures
  
• Standard operating procedures
  
• Ensure documentation is current, accurate, and accessible
  

Stakeholder Engagement & Collaboration

• Engage directly with internal teams and external stakeholders to understand requirements
  
• Support adoption of centralized security services across multiple organizations or agencies
  
• Provide technical guidance, training, and best practices related to SOAR capabilities
  
• Deliver excellent customer service and communication in stakeholder-facing interactions
  

Reporting & Dashboard Development

• Design and maintain operational dashboards and reporting metrics
  
• Develop reports to measure automation effectiveness, incident response improvements, and platform utilization
  
• Provide insights into security operations performance and trends
  

Required Skills & Experience:

·        5+ years of experience with SOAR platforms or security automation solutions

·        8+ years of experience in security architecture may be substituted in lieu of education

·        5+ years of experience supporting large enterprise IT environments or system deployments

·        Strong hands-on experience with automation platform design, implementation, and administration

·        Experience with Rest API's, JSON, and YAML

·        Experience with scripting and automation (Python, Bash, PowerShell, or similar)

·        Familiarity with MITRE ATT & CK framework

·        Experience working in multi-tenancy environment; multi-agency or enterprise service projects

Preferred Skills:

·        Hands-on experience with Cortex XSOAR

·        Experience developing advanced security automation playbooks

·        Knowledge of SIEM, EDR, and threat intelligence integrations

·        Experience supporting enterprise incident response and SOC operations

·        Experience creating dashboards and operational reporting

·        Prior experience in public sector, multi-agency, or large enterprise service environments

Education:
Bachelor’s degree in Information Technology, Information Security, Computer Science, or related field

Preferred Certifications:

• CISSP (Certified Information Systems Security Professional)
  
• CISA (Certified Information Systems Auditor)
  
• CISM or equivalent advanced security certification
  
• CEH, OSCP, GPEN, or similar cybersecurity certifications
  
• Vendor-specific certifications in SOAR or automation platforms