{"id":859,"date":"2025-12-18T10:05:01","date_gmt":"2025-12-18T10:05:01","guid":{"rendered":"https:\/\/skillbasedmatching.com\/jobs\/?post_type=jobpost&#038;p=859"},"modified":"2025-12-18T10:05:09","modified_gmt":"2025-12-18T10:05:09","slug":"principal-xsoar-engineer-security-orchestration-automation-healthcare","status":"publish","type":"jobpost","link":"https:\/\/skillbasedmatching.com\/jobs\/current-jobs\/principal-xsoar-engineer-security-orchestration-automation-healthcare\/","title":{"rendered":"Principal XSOAR Engineer \u2013 Security Orchestration &#038; Automation (Healthcare)"},"content":{"rendered":"\n<p>This is a <strong>12-month contract-to-hire<\/strong> role focused on maturing a healthcare organization&#8217;s <strong>Incident Response (IR)<\/strong> capabilities through advanced automation. As a Principal-level engineer, you will be the primary architect for <strong>Palo Alto Cortex XSOAR<\/strong>, responsible for taking manual IR processes and transforming them into automated, end-to-end playbooks.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Location:<\/strong> 100% Remote (Must reside in CA, OR, WA, CO, GA, VA, MD, or DC).<\/li>\n\n\n\n<li><strong>Pay Range:<\/strong> <strong>$70\/hr &#8211; $85\/hr<\/strong>.<\/li>\n\n\n\n<li><strong>Experience Required:<\/strong> <strong>7+ years<\/strong> in security engineering with a heavy specialization in SOAR.<\/li>\n\n\n\n<li><strong>Core Tech Stack:<\/strong> Palo Alto Cortex XSOAR, Splunk, Python.<\/li>\n\n\n\n<li><strong>Integrations:<\/strong> CrowdStrike, Proofpoint, Tanium, and Azure.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What You\u2019ll Do: Orchestration and Incident Response Support<\/h2>\n\n\n\n<p>The mission of this role is to act as the bridge between raw security data and actionable, automated response. 
You will work directly with the IR team to identify their &#8220;pain points&#8221; and solve them through code.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Playbook Development:<\/strong> Design, code, and implement complex <strong>XSOAR playbooks from scratch<\/strong>. This includes defining the logic for ingestion, enrichment, and automated containment.<\/li>\n\n\n\n<li><strong>IR Optimization:<\/strong> Partner with Incident Response analysts to understand their workflows and improve the efficiency of their tooling.<\/li>\n\n\n\n<li><strong>Enterprise Integration:<\/strong> Build and maintain integrations between XSOAR and the broader security stack, including <strong>CrowdStrike<\/strong> (EDR), <strong>Tanium<\/strong> (Endpoint), <strong>Proofpoint<\/strong> (Email), and <strong>Azure<\/strong> (Cloud).<\/li>\n\n\n\n<li><strong>Python Automation:<\/strong> Leverage strong <strong>Python<\/strong> coding skills to create custom scripts and integrations that aren&#8217;t available out-of-the-box.<\/li>\n\n\n\n<li><strong>Data Analysis:<\/strong> Perform extensive analysis on security data to identify trends and opportunities for new automation use cases.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Required Skills and Experience<\/h2>\n\n\n\n<p>This is a high-level engineering role requiring a candidate who is as comfortable writing code as they are discussing security strategy with IR leads.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SOAR Mastery:<\/strong> 7+ years of experience with a deep focus on <strong>Palo Alto Cortex XSOAR<\/strong> (formerly Demisto).<\/li>\n\n\n\n<li><strong>Programming:<\/strong> High proficiency in <strong>Python<\/strong> is required; experience with Java or C is also beneficial.<\/li>\n\n\n\n<li><strong>Ecosystem Knowledge:<\/strong> Strong working knowledge of <strong>Splunk<\/strong> (SIEM) and how it feeds into a SOAR 
platform.<\/li>\n\n\n\n<li><strong>Soft Skills:<\/strong> Strong communication skills are essential, as you will be translating analyst needs into technical requirements.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Logistics and Benefits<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Residency Requirement:<\/strong> While the role is remote, you <strong>must<\/strong> live in one of the following states for tax\/employment purposes: CA, OR, WA, CO, GA, VA, MD, or DC.<\/li>\n\n\n\n<li><strong>Contract-to-Hire:<\/strong> This is a 12-month initial term with the intent to convert to a permanent employee.<\/li>\n\n\n\n<li><strong>Comprehensive Benefits:<\/strong> Includes four medical plans, 401(k) with match, HSA\/FSA, and paid sick leave.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This is a 12-month contract-to-hire role focused on maturing a healthcare organization&#8217;s Incident Response (IR) capabilities through advanced automation. As a Principal-level engineer, you will be the primary architect for Palo Alto Cortex XSOAR, responsible for taking manual IR processes and transforming them into automated, end-to-end playbooks. 
What You\u2019ll Do: Orchestration and Incident Response Support [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"menu_order":0,"template":"","jobpost_category":[1042,648,44],"jobpost_job_type":[39],"jobpost_location":[],"jobpost_tag":[3937,37,3904,1261,3938,3939,81,1233,3936],"class_list":["post-859","jobpost","type-jobpost","status-publish","hentry","jobpost_category-healthcare","jobpost_category-information-technology","jobpost_category-security","jobpost_job_type-remote","jobpost_tag-70-85-hr","jobpost_tag-contract-to-hire","jobpost_tag-healthcare-security","jobpost_tag-incident-response","jobpost_tag-palo-alto-cortex-xsoar","jobpost_tag-python-automation","jobpost_tag-remote","jobpost_tag-splunk","jobpost_tag-xsoar-engineer"],"_links":{"self":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost\/859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost"}],"about":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/types\/jobpost"}],"author":[{"embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/users\/1"}],"wp:attachment":[{"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/media?parent=859"}],"wp:term":[{"taxonomy":"jobpost_category","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_category?post=859"},{"taxonomy":"jobpost_job_type","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_job_type?post=859"},{"taxonomy":"jobpost_location","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_location?post=859"},{"taxonomy":"jobpost_tag","embeddable":true,"href":"https:\/\/skillbasedmatching.com\/jobs\/wp-json\/wp\/v2\/jobpost_tag?post=859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}