Company Description
Building the bank of tomorrow takes more than skills.
It means combining our differences to imagine, discuss, code, develop, test, learn… and celebrate every step together. Share our vibes? Join Swissquote to unleash your potential.
We are the Swiss Leader in Online Banking and we provide trading, investing and banking services to +650’000 clients, through our performant and secured digital platforms.
Our +1200 employees work in a flexible way, without dress code and in multicultural teams.
By having a huge impact on the industry, they are growing their skills portfolio and boosting their career in a fast-pace environment. Have a look behind the scenes by checking on Instagram.
We are all in at Swissquote. As an equal opportunity employer, we welcome candidates from all backgrounds, experiences and perspectives to join our team and contribute to our shared success.
Are you all in? Don’t be shy, apply!
Job Description
Join our Security Operations Center (SOC) Team, a team of four engineers within the Cybersecurity Department. You will work in a dynamic environment, gaining key skills in security automation and incident response while becoming familiar with the banking and finance threat landscape.
Under the supervision of the Security Operation Manager, you will take part in the following projects:
1. Playbook Engine Development: Building and enhancing the core SOAR playbook execution engine using Python Implementing YAML parser, workflow executor, conditional logic evaluator, and decision tree engine.
2. Playbook Creation: Designing YAML-based SOAR playbooks for automated incident response. Creating workflows for phishing detection, malware analysis, ransomware response, threat intelligence enrichment, and IOC blocking.
3. Custom Utility Development: Developing Python utility functions and helpers to extend playbook capabilities. Building data transformation logic and security analysis functions. Execution Framework: Implementing error handling, logging, monitoring, performance optimization, parallel execution, and async operations.
4. Testing & Quality Assurance: Writing unit tests and creating regression test suites. Testing playbooks with realistic security scenarios and validating end-to-end automation flows. Implementing and enforcing coding standards through linting tools.
5. Collaboration: Working closely with the Integration Intern to understand available connectors and ensure playbooks effectively utilize all integrations.
Qualifications
6. Good proficiency in Python
7. Good knowledge of YAML syntax and workflow definition
8. Basic understanding of cybersecurity fundamentals and incident response
9. Interest in security operations and SOC processes
10. Familiarity with threat landscapes and security concepts
11. Basic experience writing tests or willingness to learn
12. Experience with version control (Git)
Nice-to-Have Skills
13. Experience with SOAR platforms (Splunk SOAR, Cortex XSOAR, etc.)
14. Familiarity with security tools (Splunk, QRadar, Chronicle, CrowdStrike)
15. Experience with linting tools
16. Knowledge of workflow engines or orchestration systems
Additional Information
Availability: from July 1st 2026
SQ2