We are looking for a proactive and technically skilled Security Automation Engineer to join our MSSP SOC team. In this role, you will be responsible for building, maintaining, and optimizing automation workflows to streamline security operations across multiple tenants and environments.

This position involves hands-on development using Python, integration with various tools through REST APIs, and managing automation platforms like Palo Alto Cortex XSOAR. You will also work closely with internal teams and external vendors to improve processes, implement solutions, and reduce manual workload through automation.

Key Responsibilities

• Develop and maintain automation workflows/playbooks using Palo Alto Cortex XSOAR and other SOAR platforms.
• Integrate automation with SIEMs (Microsoft Sentinel, QRadar, Splunk, Elastic, Google Chronicle), ITSM tools (ServiceNow, Jira), and enrichment sources via API.
• Write clean, reusable Python scripts for automation, enrichment, and integration tasks.
• Troubleshoot and resolve issues related to integrations and automation logic.
• Work with SOC analysts and other teams to identify high-impact automation opportunities.
• Document automation logic, workflows, integration points, and changes.
• Collaborate with vendors and support teams to implement, fix, or upgrade integrations.
• Proactively explore new technologies, including AI/LLM tools, and propose use cases.

Required Skills & Experience

• Strong scripting background (Python preferred; JavaScript/Bash is a plus)
• Experience working with REST APIs and handling JSON/YAML data
• Familiarity with Palo Alto Cortex XSOAR or other SOAR platforms (e.g., Splunk SOAR, IBM SOAR)
• Understanding of SIEM operations and integration logic
• Familiarity with ITSM processes and tools (e.g., ServiceNow, Jira)
• Ability to plan, troubleshoot, and think critically to deliver solutions
• Strong documentation, communication, and collaboration skills

Bonus Skills

• Exposure to multi-tenant MSSP environments
• Experience with Git and version control
• Familiarity with cloud platforms (AWS, Azure, GCP)
• Understanding of basic SOC workflows and cyber threat response

Work location: Ang Mo Kio