Security Automation Engineer
WPP
Job Details
Location: Chennai
Experience: 2+
Salary: 10 LPA
Last Date: 31/05/2026
Job Description
The Automation Engineer plays a key role in developing and managing security automation solutions that improve threat detection, incident response, operational efficiency, and process consistency within Operational Security. Reporting to the Automation Lead, this position focuses on building and maintaining SOAR playbooks, automation scripts, integrations, AI-enabled workflows, and orchestration pipelines to minimize manual effort and support the Autonomic Security Operations (ASO) framework.
Key Responsibilities
* Design and develop SOAR-based automation workflows for alert investigation, enrichment, response actions, and remediation activities.
* Create scalable and reusable automation modules, integrations, and scripts to improve security operations efficiency.
* Develop and maintain automation scripts using Python, PowerShell, REST APIs, and related technologies.
* Follow best practices for version control, testing, quality assurance, and technical documentation of automation solutions.
* Monitor automation performance, troubleshoot failures, and ensure workflow stability and reliability.
Platform Integration & Security Tool Automation
* Integrate SOAR platforms with SIEM, EDR, threat intelligence platforms, cloud security tools, and incident management systems.
* Build automation pipelines supporting Microsoft and Google security environments.
* Develop API-based integrations, webhook connections, and event-driven orchestration workflows.
* Manage data enrichment, transformation, and telemetry orchestration processes across security platforms.
AI & Intelligent Automation
* Support implementation of AI/ML-driven enrichment, correlation, and decision-making capabilities within automated workflows.
* Assist in deploying machine learning models for anomaly detection and operational intelligence.
* Collaborate with detection and analytics teams to enhance AI-enabled security automation processes.
Workflow & Process Optimization
* Convert SOPs, incident response procedures, and operational runbooks into automated workflows.
* Identify opportunities to reduce manual effort through process automation across security operations.
* Ensure automation workflows remain auditable, compliant, and aligned with operational security standards.
Collaboration & Operational Support
* Partner with Incident Response, Threat Hunting, Threat Intelligence, and Detection Engineering teams to automate security use cases.
* Contribute to post-incident analysis and implement workflow improvements based on lessons learned.
* Support evaluation, enhancement, and optimization of security tools and automation platforms.
Required Skills
SOAR, Python, REST APIs, JSON, SIEM, EDR, TIP
Eligibility Criteria
Minimum 2 years of experience in the required field.
Interview Preparation Guide
SOAR Platforms & Playbook Development
How you've built playbooks for alert triage, enrichment, containment, and remediation
Experience with Cortex XSOAR, Splunk SOAR, or Chronicle SOAR — architecture, limitations, and customization
Designing reusable and scalable automation components
Version control, QA testing, and documentation practices for automation artefacts
Monitoring playbook performance, handling exceptions, and debugging failures
Scripting & Programming
Python scripting for security automation — libraries you use (requests, pandas, re, etc.)
PowerShell scripting for Windows-based security tasks
Writing clean, maintainable, production-grade code
Error handling, logging, and retry logic in automation scripts
API & Integration Engineering
Building and consuming REST APIs — authentication methods (OAuth, API keys, tokens)
Working with JSON parsing, data transformation, and normalization
Designing webhook listeners and event-driven automation triggers
Integrating SOAR with SIEM (Splunk, Sentinel, Chronicle), EDR (CrowdStrike, Defender), TIP (MISP, ThreatConnect), and case management tools
Cloud Security Ecosystems
Microsoft security ecosystem — Sentinel, Defender suite, Entra ID, Azure Logic Apps
Google security ecosystem — Chronicle SIEM, Chronicle SOAR, Google SCC
Cloud-native automation using Azure Functions, Cloud Functions, or similar serverless platforms
AI/ML in Security Operations
How AI/ML models are embedded into automated enrichment and correlation workflows
Operationalizing ML models for anomaly detection and decision support
Practical use cases — auto-classification of alerts, NLP-based phishing analysis, behavioral scoring
Collaborating with data science and detection engineering teams on model integration
SOC Workflows & Process Knowledge
End-to-end understanding of SOC operations — L1/L2/L3 triage, escalation, and response
Incident response lifecycle and how automation supports each phase
Threat hunting workflows and how automation feeds into proactive detection
Detection engineering collaboration — converting detection rules into automated response actions
Translating SOPs into Automation
Methodology for converting manual runbooks and SOPs into engineered playbooks
Identifying automation opportunities across SecOps functions
Ensuring automated processes remain auditable, compliant, and aligned with governance standards
Prioritizing a backlog of automation use cases by impact and feasibility
Operational Collaboration & Continuous Improvement
Working with cross-functional teams — IR, threat hunting, threat intelligence, detection engineering
Contributing to post-incident reviews and embedding lessons learned into automation
Metrics you track to measure automation effectiveness — MTTR, false positive reduction, analyst time saved
Familiarity with the Autonomic Security Operations (ASO) model and SOC10x principles (speed, visibility, process, technology)
Interview Process
1st Round: Technical Assessment
2nd and 3rd Round: Technical Interview
4th Round: HR Round