Arctiq

SIEM/SOAR Engineer

Posted 6 Days Ago
In-Office
Montréal, QC
Mid level
As a Bilingual SIEM/SOAR Engineer, you will deploy and optimize security monitoring tools, develop detection use cases, automate responses, and support clients in improving their threat detection capabilities.
The summary above was generated by AI

Position Overview:

As a Bilingual SIEM/SOAR Engineer in our Managed Security Services team, you will play a critical role in the deployment, configuration, and optimization of security monitoring and automation tools for our diverse client base. You will be responsible for building detection use cases, automating response playbooks, and ensuring log source visibility across customer environments. This role requires strong technical expertise, a security-first mindset, and a passion for helping clients improve their threat detection and response capabilities.


Core Responsibilities:

  • Deploy, configure, and maintain SIEM platforms (e.g., Palo Alto XSIAM, Splunk, Sentinel) for MSSP clients.
  • Onboard new log sources and ensure full visibility across cloud, endpoint, network, and application layers.
  • Develop custom parsers, normalization rules, and enrichment workflows.
  • Build and maintain automated playbooks for incident triage, enrichment, and response using platforms like Cortex XSOAR, SecOps SOAR or Splunk SOAR.
  • Integrate SOAR with threat intelligence, ticketing systems, firewalls, EDRs, and other customer tools.
  • Continuously improve automation coverage to reduce analyst workload and response times.
  • Collaborate with SOC analysts and threat hunters to design and implement detection use cases based on MITRE ATT&CK, threat intel, and client risk profiles.
  • Tune detection rules to reduce false positives and ensure actionable alerts.
  • Serve as a technical expert for MSSP clients during onboarding, tuning sessions, and ongoing support.
  • Provide recommendations for SIEM/SOAR improvements, architecture changes, and operational efficiencies.
  • Assist with incident response investigations where tooling configuration or custom queries are required.
  • Maintain detailed documentation of configurations, playbooks, and processes.
  • Train internal SOC teams and client stakeholders on SIEM/SOAR workflows and usage.
  • Stay abreast of advancements in SIEM and SOAR technologies, incorporating new capabilities into hunting and detection workflows.

Qualifications:

  • Fully bilingual English and French
  • 3+ years of experience working with SIEM and/or SOAR platforms in a security operations or MSSP setting.
  • Hands-on experience with at least one major SIEM (e.g., Palo Alto XSIAM, Splunk, Sentinel).
  • Experience with SOAR platforms and playbook development (e.g., Cortex XSOAR, SecOps SOAR, Splunk SOAR)
  • Strong scripting and automation skills (e.g., Python, PowerShell, Bash, REST APIs)
  • Proficiency with log formats and parsing (Syslog, JSON, Windows Events, CEF, etc.)
  • Knowledge of detection logic development using query languages (e.g., SPL, KQL, regex, Sigma)
  • Solid understanding of cybersecurity concepts, frameworks, and methodologies (MITRE ATT&CK, cyber kill chain)
  • Experience integrating threat intelligence into SIEM/SOAR platforms
  • Strong documentation and communication skills, especially with client stakeholders
  • Ability to manage multiple clients and projects in a fast-paced, service-oriented environment
  • Experience in an MSSP or MDR environment is a plus.
  • Certifications such as Palo Alto XSOAR Engineer, Splunk Certified Admin, Azure SC-200, GCIH, Security+, or CISSP preferred
  • Experience with cloud logging (AWS CloudTrail, Azure Monitor, Google Chronicle) is a plus.

Arctiq is an equal opportunity employer. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know. We celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply. 

We thank you for your interest in joining the Arctiq team! While we welcome all applicants, only those who are selected for an interview will be contacted. 

Top Skills

AWS CloudTrail
Azure Monitor
Bash
CEF
Cortex XSOAR
Google Chronicle
JSON
KQL
Palo Alto XSIAM
PowerShell
Python
Regex
REST APIs
SecOps SOAR
Sentinel
Sigma
SPL
Splunk
Syslog
Windows Events


