
SIEM/SOAR Engineer
Arctiq
full-time
Posted on:
Location Type: Hybrid
Location: Montreal • 🇨🇦 Canada
Job Level
Mid-Level, Senior
Tech Stack
AWS, Azure, Cloud, Cyber Security, Firewalls, Python, Splunk
About the role
- Deploy, configure, and maintain SIEM platforms (e.g., Palo Alto XSIAM, Splunk, Sentinel) for MSSP clients
- Onboard new log sources and ensure full visibility across cloud, endpoint, network, and application layers
- Develop custom parsers, normalization rules, and enrichment workflows
- Build and maintain automated playbooks for incident triage, enrichment, and response using platforms like Cortex XSOAR, SecOps SOAR or Splunk SOAR
- Integrate SOAR with threat intelligence, ticketing systems, firewalls, EDRs, and other customer tools
- Continuously improve automation coverage to reduce analyst workload and response times
- Collaborate with SOC analysts and threat hunters to design and implement detection use cases based on MITRE ATT&CK, threat intel, and client risk profiles
- Tune detection rules to reduce false positives and ensure actionable alerts
- Serve as a technical expert for MSSP clients during onboarding, tuning sessions, and ongoing support
- Provide recommendations for SIEM/SOAR improvements, architecture changes, and operational efficiencies
- Assist with incident response investigations where tooling configuration or custom queries are required
- Maintain detailed documentation of configurations, playbooks, and processes
- Train internal SOC teams and client stakeholders on SIEM/SOAR workflows and usage
- Stay abreast of advancements in SIEM and SOAR technologies, incorporating new capabilities into hunting and detection workflows
Requirements
- Fully bilingual English and French
- 3+ years of experience working with SIEM and/or SOAR platforms in a security operations or MSSP setting
- Hands-on experience with at least one major SIEM (e.g., Palo Alto XSIAM, Splunk, Sentinel)
- Experience with SOAR platforms and playbook development (e.g., Cortex XSOAR, SecOps SOAR, Splunk SOAR)
- Strong scripting and automation skills (e.g., Python, PowerShell, Bash, REST APIs)
- Proficiency with log formats and parsing (Syslog, JSON, Windows Events, CEF, etc.)
- Knowledge of detection logic development using query languages (e.g., SPL, KQL, regex, Sigma)
- Solid understanding of cybersecurity concepts, frameworks, and methodologies (MITRE ATT&CK, cyber kill chain)
- Experience integrating threat intelligence into SIEM/SOAR platforms
- Strong documentation and communication skills, especially with client stakeholders
- Ability to manage multiple clients and projects in a fast-paced, service-oriented environment
- Experience in an MSSP or MDR environment is a plus
- Certifications such as Palo Alto XSOAR Engineer, Splunk Certified Admin, Azure SC-200, GCIH, Security+, or CISSP preferred
- Experience with cloud logging (AWS CloudTrail, Azure Monitor, Google Chronicle) is a plus
Benefits
- Equal opportunity employer
- Inclusive work environment
- Accommodations available for interview process
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
SIEM, SOAR, Python, PowerShell, Bash, REST APIs, log parsing, detection logic development, query languages, cybersecurity frameworks
Soft skills
bilingual, documentation, communication, client management, project management, collaboration, training, technical expertise, problem-solving, automation improvement
Certifications
Palo Alto XSOAR Engineer, Splunk Certified Admin, Azure SC-200, GCIH, Security+, CISSP