SOC Automation Engineer

SOC Automation Engineer

As a SOC Automation Engineer, you will apply hands-on engineering expertise to design, build, and optimise automation workflows that improve the scalability and efficiency of SOC services. Working across SIEM, endpoint, and orchestration platforms (primarily Palo Alto XSOAR), you will reduce analyst workload, accelerate incident response, and enhance decision-making across customer environments.

Key Responsibilities

* Automation Development – Design, build, and maintain scalable automation workflows across detection and response platforms.

* Integration & Orchestration – Deliver cross-platform automation enabling fast, reliable response actions.

* Lifecycle Management – Develop, deploy, and continuously optimise automation for performance, resilience, and coverage.

* Collaboration & Requirements Gathering – Work with SOC and engineering teams to identify automation opportunities.

* Documentation – Produce clear documentation to support delivery, troubleshooting, and continuous improvement.

Core Duties

Automation Design & Development

* Build and maintain workflows across SIEM, EDR, and SOAR platforms

* Develop reusable scripts, templates, and components

* Ensure solutions support secure, multi-tenant environments

Collaboration

* Embed automation into SOC workflows

* Share best practices and support team development

Pre-Sales

* Support workshops, onboarding, and solution design where needed

Stakeholder Collaboration

* SOC Analysts – Automate repeatable triage and response activities

* Platform & Detection Engineers – Integrate automation into tooling and detections

* Sales & Pre-Sales – Provide technical input for customer solutions

Requirements

* 2+ years’ experience in SOC, automation, or cloud security engineering

* Experience in managed services or multi-tenant environments

* Strong experience building automations across SIEM, SOAR, or EDR platforms

* Proficiency in scripting (e.g., Python, PowerShell)

* Experience working with APIs, webhooks, and authentication methods

* Knowledge of threat frameworks (e.g., MITRE ATT&CK)

* Understanding of cloud security, identity, and event-driven automation

* Strong communication and analytical skills

Security clearance (NPPV and/or SC) may be required.

Technical Knowledge

* Security orchestration and automation principles

* Scripting and integration patterns (APIs, webhooks)

* SOC detection and response workflows

* Threat intelligence integration and use case design

Certifications

Essential:

* Hands-on experience with Palo Alto XSOAR

Desirable:

* Palo Alto Networks Certified XSOAR Engineer

* Palo Alto Networks Certified Security Automation Engineer (PCSAE)

* Palo Alto Networks Security Operations Professional