SIEM - SOAR DevOps Engineer

Application deadline: 9 July
Location: Stockholm
Published: 12 hours ago
Categories: Data & IT, Technology & Engineering
Join our Team
About the Opportunity
We are seeking an experienced SIEM/SOAR DevOps Engineer to join the Cyber Defense Center (CDC) within Group Security at Ericsson.
The Cyber Defense Center plays a critical role in protecting Ericsson from cyber threats posed by external adversaries. Our mission is to stay ahead of sophisticated threat actors by anticipating their tactics, obstructing their operations, and eliminating any presence they may establish within our environment. We focus on the most advanced and potentially damaging cyber threats facing Ericsson. To accomplish this, the CDC is composed of several specialized teams, including:
• The Security Operations Center (SOC)
• EriCERT (Incident Response & Threat Hunting)
• Threat Intelligence
• Red Team
• Process & Governance
• AI
• Cyber Defense IT Operations
As an experienced SIEM/SOAR DevOps Engineer, you will be part of the Cyber Defense IT Operations team, with a primary focus on the development and operation of our SIEM and SOAR platforms. In addition to this core responsibility, you will support a range of other IT operations activities as required.
What You Will Do
• Design, develop, and operate our SIEM and SOAR platforms (e.g., Palo Alto Cortex XSOAR).
• Ensure robust, scalable, and secure integrations across a wide range of cloud-based security services (e.g., Microsoft Sentinel, Microsoft Defender Portal, AWS GuardDuty, GCP SCC).
• Support the onboarding, parsing, and enrichment of log sources using tools such as Fluentbit, Logstash, OpenSearch, and Kafka.
• Drive automation and orchestration initiatives to improve incident response and operational efficiency.
• Collaborate closely with CDC teams such as SOC, Threat Intelligence, AI, and EriCERT to strengthen detection and response capabilities.
• Work with infrastructure-as-code deployments using Terraform and Ansible.
• Take ownership of relevant documentation, playbooks, and operational procedures.
• Engage in ongoing optimization and performance tuning of the security operations stack.
• Perform additional IT operations tasks as required by the Cyber Defense IT Operations team.
The Skills You Bring
• Strong programming skills in Python
• Advanced knowledge and hands-on experience with Linux systems
• Experience working with Cloud Security SaaS services
Meritorious Qualifications:
• Familiarity with SOAR platforms, preferably Palo Alto Cortex XSOAR
• Experience in application operations, DevOps pipelines, & infrastructure automation
• Hands-on experience with cloud environments (Azure, AWS, GCP) and cloud-native security tools such as Sentinel, Defender, GuardDuty, GCP SCC
• Experience with log management and parsing tools (e.g., Fluentbit, Logstash, Kafka)
• Experience with OpenSearch/Elasticsearch
Soft Skills:
• A team player with strong collaboration skills
• Proactive and self-driven, with a continuous learning mindset
• Ability to adapt quickly to new technologies and changing environments
• Strong documentation skills and attention to detail
• Ability to see the bigger picture and think strategically
• Documentation skills and a positive can-do attitude
• Proficiency in English, both verbal and written
Why join Ericsson?
At Ericsson, you'll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what's possible. To build solutions never seen before to some of the world's toughest problems. You'll be challenged, but you won't be alone. You'll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
Encouraging a diverse and inclusive organization is core to our values at Ericsson; that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer.
Primary country and city: Sweden (SE) || Stockholm
Req ID: 767688