Security Automation Engineer

1 month, 1 week ago
Full-time
Mid Level
DevOps and Infrastructure
ProArch

ProArch

At ProArch, we help our clients accelerate growth and mitigate risk with IT services, cybersecurity services, application development, cloud computing, and data analytics. ProArch was founded on the belief that a future where change is ‘business as usu...

Internet Software & Services
251-1K
Founded 2006

Description

  • Design, develop, implement, and maintain SOAR playbooks and automation workflows for SOC operations.
  • Build scalable orchestration for alert triage, automated enrichment, threat intelligence correlation, incident response, containment, identity investigations, case management, and reporting.
  • Implement and maintain integrations between SOAR platforms and security tools using APIs, webhooks, SDKs, and custom connectors.
  • Develop automation logic that improves SOC efficiency, reduces analyst fatigue, and accelerates MTTR and mean time to resolve.
  • Support SOAR platform administration, including upgrades, change management, testing, governance, RBAC, operational maintenance, and environment hardening.
  • Work with SOC managers, team leads, analysts, and consultants to identify automation opportunities and improve investigation, escalation, detection, and reporting workflows.
  • Assist in scaling SOC operations through automation, AI-driven initiatives, and incident response automation strategies.
  • Coordinate with internal stakeholders and external vendors on implementation, troubleshooting, optimization, feature enablement, testing, and deployment.
  • Maintain technical documentation, workflow diagrams, integration references, and operational runbooks.
  • Support cross-functional cybersecurity projects and operational improvements in a globally distributed environment.

Requirements

  • Bachelor’s degree or graduation in Computer Science, Information Technology, Cybersecurity, Engineering, or a related technical field is mandatory.
  • 3–5 years of overall cybersecurity experience.
  • Proven hands-on experience with SOAR platforms in enterprise or MSSP environments.
  • Strong experience designing and implementing automation workflows from scratch.
  • Experience supporting Security Operations Center (SOC) environments; prior SOC Analyst experience is highly preferred.
  • Experience working in Managed Security Services Provider (MSSP) environments is preferred.
  • Experience supporting or collaborating with US-based teams and vendors is preferred.
  • Strong hands-on experience with SOAR technologies; experience with Torq SOAR is preferred.
  • Experience integrating security tools using REST APIs, JSON, webhooks, Python, PowerShell, or scripting/automation frameworks.
  • Familiarity with SIEM platforms and alert correlation logic, including Microsoft Sentinel and Defender XDR.
  • Experience with ticketing systems, preferably Datto Autotask.
  • Understanding of incident response workflows, SOC operations, detection engineering, security orchestration, threat intelligence, authentication mechanisms, and identity-based security workflows.
  • Understanding of endpoints, cloud, identity, and email security ecosystems, including Microsoft Defender for Endpoint, Defender XDR, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Purview, Entra ID, CrowdStrike Falcon, and Graph API.
  • Relevant cybersecurity or automation-focused certifications are an added advantage, such as Security+, CySA+, GCIH, SC-200, AZ-500, SOAR platform certifications, Splunk, or Microsoft certifications.
  • Experience implementing AI-driven SOC workflows or AI orchestration in cybersecurity operations is preferred.
  • Knowledge of security operations metrics, optimization strategies, governance, and change management is preferred.
  • Familiarity with DevSecOps or infrastructure automation concepts is preferred.
  • Strong verbal and written communication, documentation, collaboration, troubleshooting, and stakeholder coordination skills are required.
  • Ability to work independently in a remote-first, multicultural, fast-paced MSSP environment and manage multiple priorities simultaneously.
  • Primary alignment with USA Eastern Time business hours and permanent remote work from India are required.

Benefits

  • Permanent remote working opportunity within India.
  • Flexible working model based on operational requirements and project demands.
  • Primary alignment to USA Eastern Time business hours with schedule flexibility when needed.
  • Career Pathways support for professional growth and progression.
  • Work-life harmony with encouragement to focus on time outside of work.
  • Inclusive, respectful, and collaborative team culture.
  • Employee appreciation programs that recognize exceptional contributions.
  • Opportunities to work on meaningful, cross-functional projects with global impact.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Information Systems Security Officer (ISSO) - Subject Matter Expert (SME)

Avint 11-50 IT Services

Avint is hiring an Information Systems Security Officer (ISSO) Subject Matter Expert to oversee the day-to-day cybersecurity operations of assigned systems and help maintain compliance with RMF and federal security requirements.

Cybersecurity Network Security Splunk
19 hours, 40 minutes ago

Information Systems Security Officer (ISSO) - Senior

Avint 11-50 IT Services

Avint is hiring a Senior Information Systems Security Officer to lead RMF execution, security authorization, and cybersecurity oversight for information systems and applications supporting organizational compliance and resilience.

Cybersecurity
19 hours, 40 minutes ago

Data Scientist III (R-00138)

True Zero Technologies 11-50 Internet Software & Services

True Zero Technologies is hiring a cybersecurity and data migration professional to support the transformation of legacy security artifacts, workflows, and reporting into a modern eGRC environment.

Agile AWS Cybersecurity Machine Learning
19 hours, 40 minutes ago

API Workflow Developer (R-00180)

True Zero Technologies 11-50 Internet Software & Services

True Zero Technologies is hiring an API Workflow Developer to build and maintain cybersecurity automation and integrations within an enterprise SOAR environment.

Cybersecurity Git JSON Python REST API SIEM
19 hours, 55 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers