We are looking for a XSOAR Cybersecurity Engineer to join our internal cybersecurity team.
In this role, you will be responsible for designing, implementing, and continuously improving SOAR use cases and automated incident response workflows, helping to strengthen our security operations and response capabilities.

If you have solid experience in SOC environments, enjoy automation and threat investigation, and want to work with leading SOAR and SIEM technologies in a collaborative environment, this opportunity is for you.

What you will do

- Design, implement, and maintain SOAR use cases and automated playbooks using platforms such as Cortex XSOAR, Microsoft Sentinel, and FortiSIEM.
- Monitor and analyze security alerts from multiple SIEM platforms, ensuring timely and effective incident response.
- Correlate and investigate logs from various sources (e.g., Elastic, Sentinel, FortiSIEM) to identify malicious activity and potential security incidents.
- Develop automation scripts and integrations (Python, PowerShell, Bash) to improve incident response efficiency.
- Continuously optimize SOAR workflows to reduce false positives and enhance response effectiveness.
- Document incident response procedures and contribute to the team knowledge base.
- Support, mentor, and train junior SOC analysts on best practices and automation technologies.
- Participate in post-incident reviews, root cause analysis, and process improvement initiatives.

What we are looking for

Mandatory

- Academic degree (level 4 or higher) in IT, Computer Science, Cybersecurity, or equivalent professional experience.
- Minimum of 3 years of experience in SOC environments or security operations.
- At least 1 year of hands-on experience with SOAR platforms.
- Proficiency in scripting languages such as Python, PowerShell, or Bash.
- Strong understanding of incident response processes, threat detection, and security monitoring.
- Practical experience with Palo Alto Cortex XSOAR, Microsoft Sentinel, and FortiSIEM.
- Fluency in English (minimum B2 level, spoken and written).

Nice to have

- Experience with other automation and SOAR tools such as Elastic Security (Elastic SIEM), Tines, DFLabs IncMan, Siemplify (Chronicle SOAR), or Swimlane.
- Experience developing integrations using REST APIs.
- Knowledge of the MITRE ATT&CK framework.
- Strong technical documentation skills.
- Relevant certifications, such as:
  - Palo Alto Cortex XSOAR Certified Automation Engineer
  - Microsoft SC-200: Security Operations Analyst Associate
  - Fortinet NSE 5 – FortiSIEM
  - Elastic Certified Analyst
  - Swimlane Certified SOAR Developer
  - Tines Automation Specialist

Location

Hybrid – 2 x office in Porto