Cybersecurity SOAR Playbook Engine Developer – 6 Month Internship

TL;DR

Cybersecurity SOAR Playbook Engine Developer (Internship): Develop and enhance SOAR playbook execution engine and automated incident response workflows with an accent on Python programming, YAML workflow design, and security automation. Focus on building core SOAR components, testing automation flows, and collaborating within a Security Operations Center environment.

Company

Swissquote is the Swiss leader in online banking, providing trading, investing, and banking services to over 650,000 clients through secure digital platforms.

What you will do

• Develop and enhance the SOAR playbook execution engine using Python and YAML.
• Create automated incident response playbooks for phishing, malware, ransomware, and threat intelligence workflows.
• Develop custom Python utilities to extend playbook capabilities and optimize execution.
• Write unit tests and regression suites to ensure quality and reliability of automation.
• Collaborate with integration team members to utilize available connectors effectively.

Requirements

• Good proficiency in Python programming.
• Knowledge of YAML syntax and workflow definitions.
• Basic understanding of cybersecurity fundamentals and incident response.
• Interest in security operations and SOC processes.
• Experience with version control systems like Git.
• Willingness to learn testing and quality assurance practices.

Nice to have

• Experience with SOAR platforms such as Splunk SOAR or Cortex XSOAR.
• Familiarity with security tools like Splunk, QRadar, Chronicle, CrowdStrike.
• Experience with linting tools and workflow orchestration systems.

Culture & Benefits

• Flexible work environment with multicultural teams.
• Opportunity to grow skills portfolio in a fast-paced fintech environment.
• Equal opportunity employer welcoming diverse backgrounds.