Security Automation Engineer (SOAR)

The role

We are looking for a skilled Security Automation Engineer to join our SOC Automation team and play a key role in building and scaling automation across Security Operations. This is a hands-on role — you will design, develop, and integrate automation solutions across SIEM, EDR, and other security platforms, contributing to our SOAR capabilities from the ground up.

You will work in a technologically rich environment, integrating with a wide range of security and infrastructure systems across the network — a unique opportunity to build automation at scale in a greenfield setting, with real influence over the architecture and tooling decisions.

We are especially interested in candidates who are curious about leveraging AI and intelligent agents to help evolve next-generation automation and response workflows — and who want to be a driving voice in how we apply those technologies.

Your responsibilities will include:

Automation development

• Design and develop automation workflows for incident response and SOC operations

• Identify and eliminate manual processes through scalable automation

• Build reusable components and maintainable automation patterns

Engineering & integration

• Develop integrations using REST APIs, webhooks, and event-driven architectures

• Write high-quality, maintainable Python for automation and orchestration

• Implement data parsing, enrichment, and transformation across multiple systems

SOAR & platform buildout

• Lead or actively contribute to the evaluation, selection, and implementation of SOAR/automation platforms

• Design the automation architecture and integration strategy for the team

• Build automation capabilities in a greenfield environment — your decisions will shape the foundation

SOC collaboration

• Work closely with SOC analysts and incident responders to translate operational needs into automation solutions

• Improve end-to-end detection and response workflows through close partnership with the team

AI & innovation

• Actively build and evaluate AI/LLM and agent-based workflows applied to security automation
• Prototype AI-assisted enrichment, triage, and response solutions and drive them toward production

We expect you to have:

• Minimum 3 years of hands-on experience with SOAR platforms (e.g., Torq, Cortex XSOAR, Splunk SOAR, or similar)

• Strong hands-on experience with Python (or a comparable language)

• Experience designing or implementing automation frameworks or workflows

• Experience building integrations using REST APIs and web services

• Experience working with security tools such as SIEM, EDR/XDR, or ticketing systems

• Experience with at least one cloud platform (Azure, AWS, or GCP)

• Solid understanding of incident response processes and SOC alert-handling workflows

• Experience with at least one SIEM platform (Splunk,Sentinel,Qradar,Crowdstrike)

It will be an added bonus if you have:

• Experience with CI/CD pipelines and DevOps practices
• Familiarity with cloud-native services and architecture
• Hands-on exposure to AI/ML, LLMs, or agent-based systems
• Has a strong hands-on engineering mindset — you build, not just advise
• Is proactive, solution-oriented, and detail-focused
• Is genuinely curious about AI and intelligent agents, not just aware of them
• Collaborates well with both technical and operational teammates