Build and expand next-generation security automation capabilities, leading the implementation of the XSOAR platform, developing high-impact automations, and integrating with SIEM, IR, and cloud platforms.
Job Description
Automation Engineer
Contract: 6-Month W2 (with potential for extension/conversion)
Location: 100% Remote
Start Date: ASAP
Overview
Our client is seeking an experienced Automation Engineer to help build and expand their next-generation security automation capabilities.
This engineer will support the Cyber Defense organization by working on the new XSOAR platform, developing high-impact automations, and contributing to the enhancement of detection and response workflows across the enterprise.
Key Responsibilities
SOAR Platform Engineering & Automation
- Lead the implementation and stand-up of a new XSOAR (formerly Demisto) platform, including architecture, configuration, integrations, and deployment.
- Build, test, and maintain advanced automation workflows and playbooks using XSOAR, Python, PowerShell, and REST APIs.
- Develop scalable automations for incident response, threat detection, and vulnerability management.
- Integrate XSOAR with SIEM, IR, ticketing, cloud platforms, and other security tools.
- Identify automation opportunities, gather requirements, and translate them into technical specifications.
- Ensure the reliability, performance, and availability of SOAR automation pipelines.
API Development & Cloud Security
- Build and maintain API-driven integrations for data collection, enrichment, and automated response.
- Work with cloud security tooling across AWS, Azure, or GCP to enhance detection and automation capabilities.
Required Qualifications
- 5+ years of hands-on XSOAR/Demisto engineering and implementation experience.
- Strong scripting experience in Python or PowerShell.
- Experience integrating automation workflows with REST APIs and third-party systems.
- Background in security operations, incident response, or detection engineering.
- Experience with Splunk or other SIEM technologies.
- Strong understanding of security fundamentals, threat intelligence, and attack methodologies.
- Excellent troubleshooting, problem-solving, and communication skills.
- Ability to work effectively in a remote, collaborative environment.
Nice-to-Have
- Experience supporting detection rule development or alert tuning.
- Cloud security knowledge (AWS, Azure, GCP).
- Prior experience standing up SOAR platforms from scratch.
- Experience with automation in large-scale enterprise environments.
Additional Details
- This role directly supports the Cyber Defense Automation & Detection initiatives and works closely with security engineering, incident response, and cloud security teams.