SOAR Engineer / Automation Team Engineer (DSC/JH)
St Engineering Info-security Pte. Ltd.
Posted date: 5 days ago
Minimum level: N/A
The Automation Team Engineer plays a crucial role in automating and orchestrating security processes to enhance the efficiency and effectiveness of our Security Operations Center (SOC) in a multi-client Managed Security Services Provider (MSSP) environment.

This role involves managing and optimizing SOAR and ticketing platforms, integrating diverse tools and technologies across on-premises and cloud environments, and ensuring seamless functionality of automated workflows.

As the Subject Matter Expert (SME) in automation, you will lead the design, development, and refinement of playbooks, align automation solutions with customer-specific requirements, and support SOC operations by identifying and implementing process improvements.
The position also requires advanced scripting capabilities and the ability to troubleshoot and resolve automation-related issues proactively.

This role demands a collaborative mindset, strong problem-solving skills, and a passion for continuous improvement in a fast-paced and dynamic environment. The ideal candidate thrives on reducing manual tasks through automation and is committed to delivering high-quality security services.

Key Responsibilities

Automation and Orchestration:
  • Proactively design and implement automated workflows using SOAR and ticketing platforms to optimize security operations and reduce manual processes.
  • Integrate various security tools and systems (e.g., SIEM, EDR, firewalls) into the SOAR platform to enable seamless interoperability.
  • Act as the SME for automation-related issues, troubleshooting and resolving escalated problems promptly.


Playbook Development and Maintenance:
  • Develop, update, and refine playbooks to meet client-specific requirements and operational goals.
  • Ensure all playbook creations, updates, and changes are meticulously documented.
  • Collaborate closely with the operations team, customer success managers, and threat detection teams to align input and output with requirements.


Scripting and Customization:
  • Develop custom scripts, primarily in Python, to create unique integrations or enhance existing workflows.
  • Identify and execute opportunities for automation across SOC processes, leveraging creative and innovative solutions.


Collaboration and Knowledge Sharing:
  • Work closely with internal and customer teams to understand operational challenges and provide effective automation solutions.
  • Deliver mentoring and training sessions to enhance team capabilities in leveraging automation tools.


Process Improvement:
  • Continuously evaluate SOC workflows to identify areas for improvement and automation opportunities.
  • Contribute to the standardization of processes to ensure the highest level of quality and efficiency.


Ad-Hoc and After-Hours Support:
  • Provide support after office hours for critical SOAR-related issues and activations.
  • Assist in any ad-hoc tasks as necessary to ensure smooth SOC operations.


Key Requirements

Technical Expertise:
  • Hands-on experience with SOAR platforms, preferably Palo Alto XSOAR, ServiceNow, and SIEM tools like QRadar, Splunk, or Azure Sentinel.
  • Strong knowledge of scripting languages, particularly Python, with 2-5 years of practical experience.
  • Familiarity with ITSM platforms like ServiceNow, including the SecOps module, is an advantage.


Cybersecurity Knowledge:
  • Solid understanding of cyber-attack vectors, security threats, and mitigation techniques.
  • Experience in SOC environments (1-3 years preferred) with exposure to incident response processes and tools.
  • Knowledge of reverse engineering of software is a plus.


Problem-Solving and Analytical Skills:
  • Proven ability to analyze issues, identify root causes, and implement effective solutions.
  • A mindset geared toward continuous improvement and process automation.


Soft Skills:
  • Excellent communication and collaboration skills, with the ability to work effectively in diverse, fast-moving environments.
  • Strong attention to detail and a proactive approach to problem-solving.
  • A team player with a preference for automated workflows over manual processes.


Certifications (Preferred):
  • Palo Alto Cortex XSOAR certification.
  • Industry certifications such as CISSP, CEH, or GCIH.


Work Environment:
  • Willingness to work in a fast-paced environment with short turnaround times.
  • Availability for after-hours support when needed to resolve SOAR-related issues.


Work location: Ang Mo Kio
JOB SUMMARY
Singapore
Full-time