SOC Automation Engineer

SOC Automation Engineer

As a SOC Automation Engineer, you will apply hands-on engineering expertise to design, build, and optimise automation workflows that improve the scalability and efficiency of SOC services. Working across SIEM, endpoint, and orchestration platforms (primarily Palo Alto XSOAR), you will reduce analyst workload, accelerate incident response, and enhance decision-making across customer environments.

• Automation Development – Design, build, and maintain scalable automation workflows across detection and response platforms.
• Integration & Orchestration – Deliver cross-platform automation enabling fast, reliable response actions.
• Lifecycle Management – Develop, deploy, and continuously optimise automation for performance, resilience, and coverage.
• Collaboration & Requirements Gathering – Work with SOC and engineering teams to identify automation opportunities.
• Documentation – Produce clear documentation to support delivery, troubleshooting, and continuous improvement.
• Automation Planning – Contribute to automation roadmaps, threat modelling, and use case development.
• Pre-Sales Support – Assist with demos, scoping, and proof-of-value activities where required.

Automation Design & Development

• Build and maintain workflows across SIEM, EDR, and SOAR platforms
• Develop reusable scripts, templates, and components
• Ensure solutions support secure, multi-tenant environments

Integration & Response Automation

• Orchestrate containment, enrichment, and remediation actions
• Integrate with threat intelligence, cloud, vulnerability, and reporting tools
• Partner with analysts to map and automate response processes

Lifecycle Management & Optimisation

• Manage automation from design through to optimisation
• Troubleshoot failures and refine logic
• Use post-incident insights to improve workflows

Documentation & Standards

• Maintain clear documentation of workflows, dependencies, and error handling
• Ensure consistency and usability for wider teams

Strategic Contribution

• Support use cases aligned to threat modelling and MITRE ATT&CK
• Contribute to automation playbooks and response strategies
• Stay current with tools, frameworks, and emerging threats

Collaboration

• Embed automation into SOC workflows
• Share best practices and support team development

Pre-Sales

• Support workshops, onboarding, and solution design where needed

• SOC Analysts – Automate repeatable triage and response activities
• Platform & Detection Engineers – Integrate automation into tooling and detections
• Sales & Pre-Sales – Provide technical input for customer solutions

• 2+ years’ experience in SOC, automation, or cloud security engineering
• Experience in managed services or multi-tenant environments
• Strong experience building automations across SIEM, SOAR, or EDR platforms
• Proficiency in scripting (e.g., Python, PowerShell)
• Experience working with APIs, webhooks, and authentication methods
• Knowledge of threat frameworks (e.g., MITRE ATT&CK)
• Understanding of cloud security, identity, and event-driven automation
• Strong communication and analytical skills

Security clearance (NPPV and/or SC) may be required.

• Security orchestration and automation principles
• Scripting and integration patterns (APIs, webhooks)
• SOC detection and response workflows
• Threat intelligence integration and use case design
• Cloud and identity security concepts
• Multi-tenant automation design

Essential:

• Hands-on experience with Palo Alto XSOAR

Desirable:

• Palo Alto Networks Certified XSOAR Engineer
• Palo Alto Networks Certified Security Automation Engineer (PCSAE)
• Palo Alto Networks Security Operations Professional