Reed

SOC Automation Engineer

Claranet Limited
LS11AZ
2 days ago

Skills & Technologies

Python, PowerShell, Webhooks, Event-driven, APIs, Scalability, Cloud, SIEM, Threat Modelling, Requirements Gathering, Continuous Improvement, Sales, Pre-Sales, Solution Design, Integration, Onboarding, Reporting, Automation, Documentation, Resilience

Job Description

SOC Automation Engineer

As a SOC Automation Engineer, you will apply hands-on engineering expertise to design, build, and optimise automation workflows that improve the scalability and efficiency of SOC services. Working across SIEM, endpoint, and orchestration platforms (primarily Palo Alto XSOAR), you will reduce analyst workload, accelerate incident response, and enhance decision-making across customer environments.

Key Responsibilities

Automation Development – Design, build, and maintain scalable automation workflows across detection and response platforms.

Integration & Orchestration – Deliver cross-platform automation enabling fast, reliable response actions.

Lifecycle Management – Develop, deploy, and continuously optimise automation for performance, resilience, and coverage.

Collaboration & Requirements Gathering – Work with SOC and engineering teams to identify automation opportunities.

Documentation – Produce clear documentation to support delivery, troubleshooting, and continuous improvement.

Automation Planning – Contribute to automation roadmaps, threat modelling, and use case development.

Pre-Sales Support – Assist with demos, scoping, and proof-of-value activities where required.

Core Duties

Automation Design & Development

Build and maintain workflows across SIEM, EDR, and SOAR platforms

Develop reusable scripts, templates, and components

Ensure solutions support secure, multi-tenant environments

Integration & Response Automation

Orchestrate containment, enrichment, and remediation actions

Integrate with threat intelligence, cloud, vulnerability, and reporting tools

Partner with analysts to map and automate response processes

Lifecycle Management & Optimisation

Manage automation from design through to optimisation

Troubleshoot failures and refine logic

Use post-incident insights to improve workflows

Documentation & Standards

Maintain clear documentation of workflows, dependencies, and error handling

Ensure consistency and usability for wider teams

Strategic Contribution

Support use cases aligned to threat modelling and MITRE ATT&CK

Contribute to automation playbooks and response strategies

Stay current with tools, frameworks, and emerging threats

Collaboration

Embed automation into SOC workflows

Share best practices and support team development

Pre-Sales

Support workshops, onboarding, and solution design where needed

Stakeholder Collaboration

SOC Analysts – Automate repeatable triage and response activities

Platform & Detection Engineers – Integrate automation into tooling and detections

Sales & Pre-Sales – Provide technical input for customer solutions

Requirements

2+ years’ experience in SOC, automation, or cloud security engineering

Experience in managed services or multi-tenant environments

Strong experience building automations across SIEM, SOAR, or EDR platforms

Proficiency in scripting (e.g., Python, PowerShell)

Experience working with APIs, webhooks, and authentication methods

Knowledge of threat frameworks (e.g., MITRE ATT&CK)

Understanding of cloud security, identity, and event-driven automation

Strong communication and analytical skills

Security clearance (NPPV and/or SC) may be required.

Technical Knowledge

Security orchestration and automation principles

Scripting and integration patterns (APIs, webhooks)

SOC detection and response workflows

Threat intelligence integration and use case design

Cloud and identity security concepts

Multi-tenant automation design

Certifications

Essential:

Hands-on experience with Palo Alto XSOAR

Desirable

Palo Alto Networks Certified XSOAR Engineer

Palo Alto Networks Certified Security Automation Engineer (PCSAE)

Palo Alto Networks Security Operations Professional

