Security Automation Engineer

ProArch
Remote

About The Position

ProArch IT Solutions is seeking a highly motivated and technically skilled Security / SOAR Automation Engineer to join our global cybersecurity operations team supporting a fast-paced Managed Security Services Provider (MSSP) environment. The ideal candidate will possess strong hands-on experience in cybersecurity automation, SOAR platform engineering, SOC workflow orchestration, and security integrations across modern security ecosystems.

This role is heavily focused on designing, implementing, optimizing, and scaling SOC automation capabilities to improve operational efficiency, incident response, alert enrichment, triage automation, threat intelligence utilization, and AI-driven security operations enhancements. The Engineer will work closely with SOC Operations, Security Engineering, Security Consulting, and Leadership teams to deliver automation initiatives and operational improvements while supporting a globally distributed security environment.

This is a permanently remote opportunity for candidates based in India, aligned primarily to USA Eastern Time (ET) business hours, with flexibility depending on operational requirements.

Requirements

  • Bachelor’s Degree / Graduation in Computer Science, Information Technology, Cybersecurity, Engineering, or a related technical field is mandatory.
  • 3–5 years of overall cybersecurity experience.
  • Proven hands-on experience with SOAR platforms in enterprise or MSSP environments.
  • Strong experience designing and implementing automation workflows from scratch.
  • Experience supporting Security Operations Center (SOC) environments.
  • Prior SOC Analyst experience is highly preferred.
  • Experience working within Managed Security Services Provider (MSSP) environments preferred.
  • Experience supporting or collaborating with US-based teams/vendors preferred.
  • Strong hands-on experience with SOAR technologies.
  • Experience with Torq SOAR preferred.
  • Strong understanding of: Incident response workflows, SOC operations, Detection engineering, Security orchestration, Threat intelligence, API integrations, Authentication mechanisms, Identity-based security workflows.
  • Experience integrating security tools using: REST APIs, JSON, Webhooks, Python, PowerShell.
  • Familiarity with SIEM platforms and alert correlation logic.
  • Experience with ticketing systems, preferably Datto Autotask.
  • Understanding of endpoint, cloud, identity, and email security ecosystems.
  • Strong verbal and written communication skills with the ability to work effectively across technical and non-technical teams.
  • Excellent collaboration and stakeholder coordination skills across SOC Operations, Engineering, Consulting, Vendors, and Leadership teams.
  • Strong documentation and technical writing capabilities for workflows, SOPs, and operational procedures.
  • Ability to work independently in a remote-first, multicultural, and fast-paced MSSP environment.
  • Self-driven, proactive, and highly organized with strong ownership and accountability.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Comfortable managing multiple projects, priorities, and operational initiatives simultaneously.
  • Team-oriented mindset with the ability to operate effectively as an individual contributor.
  • Professional communication and coordination skills for working with US-based teams and vendors.
  • Adaptable and flexible to evolving operational and business requirements.

Nice To Haves

  • Relevant cybersecurity certifications and automation-focused certifications will be considered an added advantage.
  • Experience implementing AI-driven SOC workflows.
  • Exposure to AI orchestration in cybersecurity operations.
  • Knowledge of security operations metrics and optimization strategies.
  • Experience with security automation governance and change management.
  • Exposure to cloud security platforms and SaaS security controls.
  • Familiarity with DevSecOps or infrastructure automation concepts.
  • Relevant cybersecurity certifications are advantageous, such as Security+, CySA+, GCIH, SC-200, AZ-500, SOAR platform certifications, and Splunk / Microsoft certifications.

Responsibilities

  • Design, develop, implement, and maintain SOAR playbooks and automation workflows for SOC operations.
  • Build scalable security orchestration workflows for: Alert triage, Automated enrichment, Threat intelligence correlation, Incident response, Containment workflows, Identity-based investigations, Case management, Reporting automation.
  • Implement and maintain integrations between SOAR platforms and various security technologies using APIs, webhooks, SDKs, and custom connectors.
  • Develop automation logic to improve SOC efficiency, reduce analyst fatigue, and accelerate Mean Time to Respond (MTTR) and Mean Time to Resolve.
  • Support SOAR platform lifecycle management including upgrades, change management, testing, governance, RBAC, and operational maintenance.
  • Assist with SOAR platform administration, identity & access management, and environment hardening.
  • Integrate and automate workflows involving: Microsoft Defender for Endpoint (MDE), Microsoft Defender XDR, Microsoft Defender for Identity (MDI), Microsoft Defender for Office 365 (MDO), Microsoft Defender for Cloud Apps (MDCA), Microsoft Purview, Microsoft Identity Protection / Entra ID, CrowdStrike Falcon, Threat Intelligence platforms (must have), SIEM platforms (Microsoft Sentinel & Defender XDR), Graph API, Ticketing platforms (Datto Autotask preferred), Email security solutions, Endpoint detection & response platforms, Identity and authentication platforms, Cloud security solutions.
  • Work collaboratively with SOC Managers, SOC Team Leads, Analysts, and Security Consultants to identify automation opportunities.
  • Create operational enhancements to improve detection engineering, investigation workflows, escalation efficiency, and reporting.
  • Assist with scaling SOC operations using automation and AI-driven initiatives.
  • Support operational maturity improvements within the SOC environment.
  • Participate in incident response automation strategy discussions and implementation planning.
  • Contribute to SOC transformation initiatives focused on operational scalability and service optimization.
  • Contribute to AI-enabled SOC initiatives and intelligent automation projects.
  • Assist in implementing AI orchestration and automation use cases within security operations.
  • Research and evaluate emerging AI and automation technologies relevant to cybersecurity operations.
  • Support initiatives focused on autonomous investigation workflows, enrichment intelligence, and analyst assistance capabilities.
  • Coordinate automation initiatives with internal stakeholders and external vendors.
  • Work closely with SOAR vendors for implementation support, troubleshooting, optimization, and feature enablement.
  • Participate in project planning, implementation tracking, testing, and deployment activities.
  • Maintain technical documentation, workflow diagrams, integration references, and operational runbooks.
  • Support cross-functional cybersecurity projects and operational improvements.

Benefits

  • Career Pathways
  • Flexible work schedules