Security Automation Specialist – SOAR (RARR Job 5389)

For International Trade And Development Company
5 - 8 Years
Full Time
Up to 30 Days
Up to 28 LPA
1 Position(s)
Bangalore / Bengaluru, Chennai, Coimbatore, Hyderabad, Kochi, Kolkata, Mumbai, Nagpur, Noida, Pune
Posted 13 Days Ago

Job Description

We are seeking a highly skilled Security Automation Specialist with strong expertise in SOAR platforms and identity workflow automation. The ideal candidate will play a key role in designing, developing, and implementing automated security operations and incident response processes.

Key Responsibilities:

  • Identity Workflow Automation:
    Design and implement automation for IAM processes including user provisioning/deprovisioning, RBAC, access reviews, and PAM.

  • Security Tool Integration:
    Integrate various security tools (SIEM, EDR, vulnerability scanners) into automated pipelines to enhance incident response and threat detection.

  • Scripting & Development:
    Write efficient, well-documented scripts in Python, PowerShell, Go, and JavaScript for task automation and custom integrations.

  • API Utilization:
    Use APIs from security products and enterprise systems to automate workflows and trigger actions.

  • Workflow Orchestration:
    Utilize tools like Ansible, Terraform, Kubernetes, and SOAR platforms to manage and automate security operations.

  • Monitoring & Alerting:
    Implement automated monitoring for IAM-related security events, ensuring timely detection and response.

  • Incident Response Automation:
    Develop playbooks for common incidents to reduce MTTD and MTTR through automated response mechanisms.

  • Documentation:
    Maintain detailed documentation of automated processes, playbooks, and integrations.

  • Continuous Improvement:
    Identify and implement opportunities for security automation to improve efficiency and reduce manual overhead.

  • Collaboration:
    Work closely with security engineers, DevOps, and operations teams to gather requirements and deliver automated solutions.

Must-Have Skills:

  • SOAR Platforms:
    Palo Alto XSOAR, IBM SOAR, Devo SOAR

  • Security Tools:
    Microsoft Copilot for Security, SIEM, EDR, vulnerability scanners

  • Languages:
    Python, PowerShell, JavaScript, Go

  • Other Skills:
    IAM Automation, SOC content development, API Integration, Incident Response Playbook Development, Orchestration tools (Ansible, Terraform, Kubernetes)

Preferred Experience:

  • 5–8 years of experience in cybersecurity with a focus on automation and orchestration

  • Strong understanding of SOC operations, incident lifecycle, and security tool integration