Senior Automation Engineer (SOAR, Hyper-Automation)

About the job


  • Develop and optimize automation workflows within Torq Hyperautomation or other SOAR platforms (e.g., XSOAR, Splunk SOAR, LogicHub, Swimlane).
  • Build API integrations between security tools such as SIEMs, EDRs, XDRs, case management systems, and cloud platforms.
  • Work extensively with JSON formatting, parsing, and data transformations to enable seamless data exchange across multiple security platforms.
  • Streamline incident response automation to improve efficiency, reduce MTTR, and enhance security event correlation.
  • Design and maintain fault-tolerant automation processes that scale across thousands of clients.
  • Maintain and optimize CI/CD pipeline infrastructure within a SOAR platform.
  • Collaborate with SOC analysts, DFIR teams, and threat intelligence groups to refine and enhance automation capabilities.
  • Lead migration projects to improve automation platforms, ensuring seamless transitions without impacting security operations.
  • Continuously evaluate and implement emerging automation techniques to enhance SOC and MSSP workflows.

Requirements

  • 1+ years of experience in security automation, SOAR engineering, or cybersecurity automation within an MSSP, DFIR, or enterprise security environment.
  • Extensive experience working with JSON, including JSON schema design, manipulation, parsing, and API-based data transformations.
  • Strong scripting skills in Python, PowerShell, or Bash for workflow automation.
  • Proficiency in API development and integration, including RESTful APIs, JSON-based APIs, and webhook automation.
  • Experience working with SIEM (Splunk, Sentinel, QRadar, Rapid7 IDR, etc.) and EDR/XDR tools (CrowdStrike, SentinelOne, Stellar Cyber, Cortex XDR, etc.).
  • Knowledge of incident response, threat intelligence, and security event lifecycle management.

Nice-to-Have Skills 

  • Experience in multi-client environments (MSSP, IR firms, or security service providers). 
  • Hands-on experience with Torq Hyperautomation, XSOAR, Splunk SOAR, or similar platforms. 
  • Certifications: Torq SOAR Analyst, Torq SOAR Expert, CompTIA Security+, AWS/Azure Security Certifications. 
  • Proficiency in using JQ filters for data manipulation. 
  • Familiarity with CI/CD pipelines (Azure DevOps).
  • Experience automating cloud security workflows (AWS, Azure, Google Cloud).
  • Familiarity with case management automation and cross-platform data normalization. 
  • Prior experience leading SOAR migration projects or developing custom security playbooks.