Career Opportunities: Cyber Automation Specialist (9237)

Job Summary

We are seeking a highly motivated Cybersecurity SOAR (Security Orchestration, Automation, and Response) Specialist to join our growing security operations team. This role will focus on designing, developing, and maintaining automation workflows to streamline and enhance our incident detection, investigation, and response capabilities.

We’re looking for a Cybersecurity Automation Specialist who’s passionate about making security operations smarter, faster, and more effective. You’ll be the bridge between security analysts and engineering—automating detection, response, and remediation workflows to enhance security posture while reducing manual effort. If you're someone who lives at the intersection of cyber security operations and software development, we want to hear from you.

Work closely with SOC analysts, incident responders, threat hunters, and other security professionals to drive rapid, consistent, and efficient incident response—reducing manual effort through thoughtful automation.

Responsibilities

• Design and build automated workflows to support incident detection, triage, enrichment, and response using SOAR platforms (e.g., Splunk SOAR, Cortex XSOAR, Tines, etc.)
• Create feedback loops and partner closely with the Security Operations Center (SOC) analysts to understand pain points and repetitive tasks, turning them into automation use cases.
• Enhance threat intelligence ingestion and correlation across multiple data sources (EDR, NDR, SIEM, Ticketing Systems, etc.).
• Create interactive workbooks (e.g., Jupyter notebooks) to supercharge analysts and their ability to triage and respond. 
• Create enrichment pipelines using OSINT sources and threat intelligence feeds, vulnerability management data, and other internal data sources.
• Create building blocks and reusable modules, connectors, and integrations with third-party APIs, tools, and platforms.
• Document all developed playbooks, scripts, infrastructure components, and integrations to ensure maintainability, reproducibility, and contribute to our internal wiki for team-wide knowledge sharing.
• Maintain code repository of developed SOAR functions and scripts created for incident response.
• Understand, design, and implement CI/CD pipelines for automated deployment of security automation code.
• Collaborate in agile workflows by participating in sprint planning, backlog grooming, and retrospectives; prioritizing SOAR tasks which will directly impact our security analysts
• Support containerized development and deployment processes using Docker and Kubernetes.
• Contribute to internal tooling, microservices, and serverless functions to extend SOAR capabilities.
• Deploy security infrastructure and resources using Infrastructure as Code (IaC) to support scalable and repeatable deployment of security resources.
• Write code as Secure-by-Default and understand what often contributes to vulnerabilities in code and applications.
• Assist in security incident investigations and post-incident reviews.
• Stay current with evolving cybersecurity threats, tools, and technologies.

Qualifications

Required:

• 2+ years of experience in cybersecurity, preferably within a SOC or incident response environment. BA in related technology field acceptable as substitution for experience.
• Proficiency in scripting languages such as Python or JavaScript.
• Experience with SIEM tools (e.g., Splunk, MS Sentinel, LogRhythm).
• Familiarity with REST APIs, JSON, and integrating with third-party security tools.
• Solid understanding of security incident management, threat intelligence, and security frameworks (e.g., MITRE ATT&CK, NIST).
• Solid understanding of modern development practices: Git, CI/CD, Infrastructure as Code (Terraform, etc.).
• Familiarity with cloud environments (AWS, GCP, Azure) and related security tooling.

Preferred:

• Certifications such as CISSP, GCIH, GCIA, or SOAR platform-specific certs.
• Experience with enterprise security tools, CI/CD pipelines, and cloud environments/infrastructure.
• Experience with containerized applications, Kubernetes, and microservices architecture.
• Experience with event-driven or serverless architectures (e.g., AWS Lambda, Google Cloud Functions) for lightweight automation. 
• Hands-on experience automating workflows for phishing, malware, insider threats, or other common incident types.
• Experience contributing to internal security tools, libraries, or developer platforms.