SIEM/SOAR Engineer

VG Recruiting Agency


Yerevan | Full time


Job Description

IDBank is looking for an experienced, motivated and qualified candidate to fulfil the responsibilities listed below. 


Job responsibilities

SOAR / Automation

  • Design and build automated response playbooks/workflows in the SOAR platform (enrichment, ticketing, containment, notifications).
  • Integrate SOAR with SIEM, EDR, ticketing/ITSM, threat intel feeds, email gateways, and network/security devices.
  • Convert manual SOC runbooks into automated sequences to reduce MTTR.

Scripting & Tooling

  • Write and maintain scripts in JavaScript, Python, Bash, and Windows Batch to parse and transform logs, pull/push data via REST APIs, and automate onboarding of new log sources.
  • Build small helper tools for the SOC team to speed up investigation and enrichment.

Integrations & Infrastructure Awareness

  • Integrate SIEM/SOAR with proxy, web services, load balancers, reverse proxies (e.g. Nginx/Apache/F5/HAProxy), SQL, AD, SCCM and other services to collect security-relevant events.
  • Work with network/infrastructure teams to ensure correct log export (syslog/CEF/LEEF/API).
  • Document integrations, parsers, and playbooks for InfoSec and SOC teams.

Operations & Governance

  • Monitor SIEM/SOAR performance, storage, and parsing errors; remediate issues proactively.
  • Participate in incident response as SIEM/SOAR subject-matter expert.
  • Align content with internal security policies, standards, and regulatory requirements.


Required qualifications

  • 3+ years of experience in Information Security / Information Technology / SOC / Cybersecurity Operations / DevOps.
  • Hands-on experience with at least one enterprise SIEM platform (e.g. Splunk, Elastic SIEM, Microsoft Sentinel, ArcSight, Wazuh, etc.).
  • Experience with at least one SOAR platform (a SIEM's native SOAR, Cortex XSOAR, IBM SOAR, Splunk SOAR/Phantom, ArcSight or similar) or with Ansible.
  • Strong scripting skills: JavaScript – for SIEM/SOAR apps, JSON manipulation, API calls; Python – for integrations, enrichment scripts, automation tasks; Bash – for Linux-based log collection and preprocessing; Batch/PowerShell basics – for Windows-based log tasks and agents.
  • Solid understanding of log formats (syslog, JSON, CEF, LEEF), parsing, field extraction, normalization, and enrichment.
  • Good knowledge of TCP/IP, HTTP/S, DNS, authentication (AD/LDAP/Kerberos) from a logging/security perspective.
  • Ability to work with REST APIs for security tools integration.
  • Good documentation skills are a plus.
  • Experience creating detection content/use cases (MITRE ATT&CK mapping).
  • Experience integrating threat intelligence feeds and automating enrichment.
  • Familiarity with ITSM/ticketing systems (ServiceNow, Jira, ManageEngine, etc.).
  • Experience in high-availability SIEM setups and log collection architectures.
  • Security certifications (e.g. CyberOps Associate, SC-200, Splunk Core Certified Power User, QRadar, Sentinel, CySA+, SSCP) are a plus.
  • Analytical mindset and attention to log/data quality.
  • Ability to translate SOC needs into technical automation.
  • Comfortable working with infrastructure and application teams.
  • Proactive, able to work in an Information Security environment with multiple parallel tasks.


Contact information

All interested candidates are encouraged to send CVs to hr@idbank.am.


Please clearly mention that you heard of this job opportunity via the Telegram channel VG Recruiting Agency.
