SIEM - SOAR DevOps Engineer
Ericsson AB
Join our Team
About the Opportunity
We are seeking an experienced SIEM/SOAR DevOps Engineer to join the Cyber Defense Center (CDC) within Group Security at Ericsson.
The Cyber Defense Center plays a critical role in protecting Ericsson from cyber threats posed by external adversaries. Our mission is to stay ahead of sophisticated threat actors by anticipating their tactics, obstructing their operations, and eliminating any presence they may establish within our environment. We focus on the most advanced and potentially damaging cyber threats facing Ericsson. To accomplish this, the CDC is composed of several specialized teams, including:
- The Security Operations Center (SOC)
- EriCERT (Incident Response & Threat Hunting)
- Threat Intelligence
- Red Team
- Process & Governance
- AI
- Cyber Defense IT Operations
As an experienced SIEM/SOAR DevOps Engineer, you will be part of the Cyber Defense IT Operations team, with a primary focus on the development and operation of our SIEM and SOAR platforms. In addition to this core responsibility, you will support a range of other IT operations activities as required.
What You Will Do- Design, develop, and operate our SIEM and SOAR platforms (e.g., Palo Alto Cortex XSOAR).
- Ensure robust, scalable, and secure integrations across a wide range of cloud-based security services (e.g., Microsoft Sentinel, Microsoft Defender Portal, AWS GuardDuty, GCP SCC).
- Support the onboarding, parsing, and enrichment of log sources using tools such as Fluentbit, Logstash, OpenSearch, and Kafka.
- Drive automation and orchestration initiatives to improve incident response and operational efficiency.
- Collaborate closely with CDC teams such as SOC, Threat Intelligence, AI, and EriCERT to strengthen detection and response capabilities.
- Work with infrastructure-as-code deployments using Terraform and Ansible.
- Take ownership of relevant documentation, playbooks, and operational procedures.
- Engage in ongoing optimization and performance tuning of the security operations stack.
- Perform additional IT operations tasks as required by the Cyber Defense IT Operations team.
You will bring
The Skills You Bring- Strong programming skills in Python
- Advanced knowledge and hands-on experience with Linux systems
- Experience working with Cloud Security SaaS services
Meritorious Qualifications:
- Familiarity with SOAR platforms, preferably Palo Alto Cortex XSOAR
- Experience in application operations, DevOps pipelines, & infrastructure automation
- Hands-on experience with cloud environments (Azure, AWS, GCP) and cloud-native security tools such as Sentinel, Defender, GuardDuty, GCP SCC
- Experience with log management and parsing tools (e.g., Fluentbit, Logstash, Kafka)
- Experience with OpenSearch/Elasticsearch
Soft Skills:
- A team player with strong collaboration skills
- Proactive and self-driven, with a continuous learning mindset
- Ability to adapt quickly to new technologies and changing environments
- Strong documentation skills and attention to detail
- Ability to see the bigger picture and think strategically
- Documentation skills and positive can-do attitude
- Proficiency in English, both verbal and written