Job Description:
Position: Senior security automation engineer
Work location: Remote/ Hybrid/ Bangalore
Notice period: Immediate - 15 days
Mode of Interview: MS Teams
Year of Experience: Minimum 8 years
Job Description:
Role Overview
We are seeking a heavyweight Cortex XSIAM & SOAR Expert to lead our automation initiative. Your primary mission is to transform our SOC from manual triaging to an automated powerhouse. The goal is clear: 80% automation of our existing playbook library. You will be responsible for designing, building, and refining complex workflows that integrate disparate security tools into a cohesive, automated response engine.
Key Responsibilities
- Playbook Engineering: Design and implement end-to-end automation playbooks in Cortex XSIAM using both out-of-the-box integrations and custom Python scripts.
- Workflow Optimization: Audit existing manual processes and "code-ify" them to reduce Mean Time to Respond (MTTR) and eliminate analyst fatigue.
- Platform Mastery: Manage the XSIAM environment, including data ingestion, XQL (Xalt Query Language) development, and alert tuning.
- API Integration: Build custom integrations between XSIAM and third-party tools (EDR, Firewall, IAM, AWS) where native connectors may fall short.
- Continuous Improvement: Monitor playbook performance and "auto-remediate" common false positives to ensure the SOC focuses only on high-fidelity threats.
- Experience is integrating Automation scripts and doing regressive testing for low error rates for tasks.
Technical Qualifications-
- Expert-level Cortex XSIAM/XSOAR: Proven track record of building complex, multi-stage playbooks (loops, conditional logic, and sub-playbooks).
- Advanced Scripting: Proficiency in Python and PowerShell is mandatory for custom task creation.
- XQL Proficiency: Ability to write complex queries for data correlation and dashboarding.
- Security Context: Deep understanding of the MITRE ATT&CK framework and common incident response lifecycles (Phishing, Malware, Brute Force, etc.)
- Integration Experience: Experience working with REST APIs and JSON/XML data structures