
SOAR Developer
2 days ago
We’re looking for a SOAR Developer / Integrator with 3-5 years of experience to join our SecDevOps initiative, building the next generation of MDR Modern SecOps platforms.
You’ll be working primarily with FortiSOAR, designing and implementing orchestration playbooks, integrations, and reusable response logic across multiple SOC environments. The role will involve integrating with COTS security tools (Microsoft Sentinel, Sumo Logic, Defender TI, ReversingLabs, Anomali, etc.), normalizing threat feeds, and automating triage flows aligned with MITRE ATT&CK.
This is a highly technical position where you’ll:
- Develop enrichment playbooks using leading threat intel providers.
- Implement triage logic: severity scoring, suppression, and tagging.
- Build device isolation and response automation across heterogeneous platforms.
- Normalize and enrich data for SOC analysts to act faster and smarter.
- Contribute to establishing CI/CD pipelines and best practices for SecOps automation.
We’re seeking someone with a strong background in Python, REST APIs, JSON/YAML, and Jinja2 templates, and ideally experience with FortiSOAR or other SOAR platforms. If you have a passion for security automation, threat intelligence, and want to work on global-scale SOC modernization, this role is for you.
You’ll be embedded directly with our client’s security engineering team, working in an Agile delivery model, collaborating closely with architects and SOC analysts. Expect to face complex challenges, real-world threats, and the opportunity to make an impact on modern cybersecurity operations at scale.
Key Responsibilities
- End-to-End Development: Contribute to all phases of development — from requirements gathering and architecture design to coding, testing, and deployment.
- Playbook Logic Implementation: Build reusable and scalable playbooks in FortiSOAR to automate threat detection, enrichment, and response workflows.
- Integration with Third-Party APIs: Connect with external providers such as Microsoft Sentinel, ReversingLabs, and Palo Alto for alert consumption, enrichment, and automated remediation.
- Code Quality: Write clean, maintainable, and secure code. Participate actively in code reviews and follow best practices.
- Team Collaboration: Work closely with your teammates, sharing knowledge and supporting cross-project initiatives.
- Continuous Learning: Engage in Loop’s internal Security and Tech Councils to strengthen skills and bring best practices into projects.
Required Technical Skills
- Security Automation: Experience with SOAR platforms (FortiSOAR or similar), incident response workflows, and playbook development.
- Programming: 2–3+ years of Python (for automation, connectors, and integrations). Solid understanding of REST APIs, YAML, JSON, and Jinja2.
- APIs & Integrations: Hands-on experience consuming and integrating REST APIs from security vendors (Sentinel, Palo Alto, threat intel providers, etc.).
- General DevOps knowledge: Git, CI/CD pipelines.
Soft Skills
- Ownership: Proactively drive tasks from requirements to delivery. You’ll have support, but you should own your scope with autonomy.
- Collaboration: Be a team player — mentor, learn, and contribute within Loop and the client’s team.
- Communication: Strong verbal and written English for effective interaction. At least B2.
- Adaptability: Comfortable working in hybrid contexts (security + software engineering), quickly ramping up on new tools and workflows.