Security Automation Architect (SIEM/SOAR & AI)

22 hours, 12 minutes ago
Full-time
Senior
Artificial Intelligence and Machine Learning
Plain Concepts

Plain Concepts

Plain Concepts: Multinational software company offering innovative solutions in Web, App development, AI, Mixed Reality, Big Data, Blockchain, IoT, and Cloud. Recognized by Microsoft and industry leaders for expertise and innovation.

Internet Software & Services
251-1K
Founded 2006

Description

  • Analyze current SOC operating models, escalation flows, and response procedures to identify transformation opportunities.
  • Design AI-native workflows that automate, augment, and redesign detection and response processes.
  • Translate analyst knowledge, playbooks, and procedures into structured and reusable automation workflows.
  • Define how AI agents support alert triage, enrichment, investigation, prioritization, and response.
  • Establish human-in-the-loop boundaries, approval paths, confidence thresholds, and decision points for sensitive actions.
  • Design detection and response automation blueprints, including decision trees, enrichment steps, evidence requirements, and output formats.
  • Create reusable patterns for investigation, containment, escalation, reporting, and false positive reduction.
  • Define agent roles, permissions, execution boundaries, logging, and audit requirements for AI-assisted decisions.
  • Work with AI engineering teams to ensure agentic workflows are secure, controlled, and aligned with SOC needs.
  • Identify and mitigate operational and security risks such as unsafe automation, hallucination, excessive permissions, prompt injection, and data leakage.

Requirements

  • 6+ years of experience in cybersecurity with a strong background in Detection & Response, SOC operations, security automation, SIEM engineering, or security architecture.
  • Proven experience designing or implementing AI automation, AI-assisted workflows, agentic automation, or AI-enabled operational processes.
  • Strong understanding of how modern SOCs operate across L1, L2, and L3 functions.
  • Experience designing or improving detection use cases, triage processes, incident response procedures, and SOC playbooks.
  • Hands-on experience with SIEM and/or SOAR platforms.
  • Ability to translate analyst procedures into structured workflows, decision trees, and automation requirements.
  • Good understanding of alert enrichment, case management, incident lifecycle management, and escalation models.
  • Practical understanding of identity, permissions, API integrations, and secure automation design.
  • Ability to work with SOC analysts, security architects, engineering teams, and senior client stakeholders.
  • Strong documentation skills for operational procedures, use case specifications, and technical architecture.
  • Experience with Microsoft Sentinel, Defender XDR, or Microsoft Security Copilot (preferred).
  • Experience with Microsoft Foundry or Azure AI-based automation (preferred).
  • Experience with agentic AI workflows in cybersecurity or IT operations (preferred).
  • Experience with Logic Apps, Azure Functions, or automation runbooks (preferred).
  • Experience with KQL, SPL, or equivalent SIEM query languages (preferred).
  • Experience with detection engineering and MITRE ATT&CK mapping (preferred).
  • Experience with threat intelligence enrichment, incident response automation, XDR/EDR platforms, cloud security operations, case management integration, enterprise SOC transformation programs, MDR/MSSP operating models, purple teaming, detection validation, DevSecOps, infrastructure automation, or GRC/control evidence automation (preferred).

Benefits

  • Market-based salary determined by your experience.
  • Flexible 35-hour work week.
  • Fully remote work option.
  • Flexible compensation for restaurant, transport, and childcare.
  • Fully covered health insurance with co-payment for dental services.
  • Individual training or equipment budget plus free Microsoft certifications.
  • English lessons.
  • Birthday day off.
  • Monthly home electricity and internet bonus.
  • Discounts on gym plans and sports activities.
  • Annual team-building event, welcome pack, baby basket, Christmas basket, employee discount portal, and access to the latest technological tools.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Security Compliance Engineer

Yuno 51-200 Payment Processing Software

Yuno is hiring a Security Compliance Engineer in LATAM to help translate security, privacy, and compliance requirements into technical controls that support audits and secure global payment operations.

AWS CI/CD CloudFormation GCP Kubernetes Python Serverless Terraform WAF
17 hours, 58 minutes ago

Head of AI Engineering - NCT

Banyan Software 51-250 Internet Software & Services

Banyan Software’s operating company Next Chapter Technology is hiring a US-based Head of AI Engineering to lead the hands-on modernization of its CaseWorks platform into an AI-first system for county Health and Human Services operations.

DevSecOps HIPAA Machine Learning
21 hours, 27 minutes ago

Engineer, Threat Detection - 5

Tide 51-250 Banks

Tide is hiring a Security Engineer for its Threat Detection & Response team to build and operate detection, automation, and incident response capabilities that protect the company and its members.

AWS GCP macOS Penetration Testing Sentinel SIEM Splunk
21 hours, 27 minutes ago

Senior AI Programmer

Epic Games 5K-10K Internet Software & Services

Epic Games is hiring a Senior Gameplay AI Programmer to help build and maintain gameplay AI systems for Fortnite and other interactive experiences on a small, growing team.

C++ Game Development Unreal Engine
21 hours, 27 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers