- Design, build, and maintain SOC automation workflows for L1 triage, alert enrichment, and response using SOAR tools (Cortex XSOAR, Splunk SOAR, n8n, etc.)
- Develop modular, agent-based pipelines using Python or TypeScript (ideally event-driven or orchestrated via n8n, Apache Airflow, etc.)
- Integrate threat intelligence APIs (VirusTotal, AbuseIPDB, Shodan, MISP, OpenCTI)
- Collaborate with the AI team to interface LLMs into enrichment/summarization steps (e.g., GPT, Claude, Mistral, etc.)
- Contribute to architectural design and data flow models (timeline graphs, observables)
- Write clean, testable code and deploy in cloud-based environments (AWS/GCP)
Qualifications:
- 5–10+ years of experience in cybersecurity, DevSecOps, or SOC automation
- Proficiency in Python, JavaScript/TypeScript, or Golang
- Hands-on experience with at least one SOAR or workflow automation platform (e.g., Cortex XSOAR, Phantom, TheHive, Shuffle, StackStorm, n8n)
- Strong understanding of SIEM tools (e.g., Splunk, Sentinel, QRadar, Wazuh)
- Experience with threat intelligence feeds, EDR/XDR tools, and incident response logic
- Familiarity with RESTful APIs and webhook/event-driven architectures
- (Bonus) Experience with AI/ML models (especially LLMs or agent frameworks)