Security Automation Engineer

Why we're hiring:

The Automation Engineer is responsible for designing, developing, and maintaining security automation solutions that enhance detection, response, workflow efficiency, and operational consistency across Operational Security. Working under the Automation Lead, this role builds high-quality SOAR playbooks, integrations, scripts, AI-assisted workflows, and orchestration pipelines to reduce manual workloads and support the Autonomic Security Operations (ASO) model.

What you'll be doing:

• Develop SOAR playbooks, workflows, and automations for alert triage, enrichment, containment, and remediation.
• Build scalable, reusable automation components, scripts, and integrations.
• Implement high-quality scripting using Python, PowerShell, and REST APIs.
• Ensure appropriate version control, QA, testing, and documentation of automation artefacts.
• Maintain reliability of automations by monitoring performance, exceptions, and system behaviour.

• Integrate SOAR with SIEM, EDR, TIP, cloud-native security tools, and case management systems.
• Engineer automation pipelines to support Microsoft and Google security ecosystems.
• Develop API integrations, webhooks, and event-driven automation triggers.
• Support data transformation, enrichment, and telemetry orchestration requirements.

• Contribute to embedding AI/ML-driven enrichment and correlation logic into automated workflows.
• Support operationalisation of ML models for anomaly detection and decision support.
• Collaborate with data and detection teams to refine and enhance AI-enabled automation.

• Translate SOPs, response runbooks, and detection workflows into automated processes.
• Identify automation opportunities to eliminate manual tasks across SecOps functions.
• Ensure automated processes remain consistent, auditable, and compliant with Operational Security standards.

• Work with Detection Engineering, Incident Response, Threat Hunting, and Threat Intelligence teams to automate use cases.
• Participate in post-incident reviews and embed improvements into automation workflows.
• Assist with tool evaluations, optimisation initiatives, and integration efforts led by the Automation Lead.

• Contribute to a backlog of automation enhancements and new capabilities.
• Optimise accuracy, resilience, and efficiency across automation workflows.
• Ensure alignment with GCAT SOC10x principles, including 10X Technology, Process, Speed, and Visibility.

What you'll need:

• Experience with SOAR platforms such as Cortex XSOAR, Splunk SOAR, or Chronicle SOAR.
• Proficiency in Python and/or PowerShell for automation development.
• Strong understanding of REST APIs, JSON, and event-driven automation.
• Experience integrating SIEM, EDR, TIP, and cloud-native security tools.

• Understanding of workflows across SOC, Incident Response, Threat Hunting, and Detection Engineering.
• Ability to convert operational requirements and SOPs into engineered automation.
• Familiarity with playbooks, runbooks, and security process governance.

• Strong communication and documentation skills.
• Ability to work in an engineering-led, automation-first culture.
• Experience working with cross-functional technical teams in security operations.

• SOAR platform certifications.
• GIAC (GMON, GCTI, GCIH, GCDA).
• Python or scripting certifications.
• Azure or GCP cloud certifications.

• Engineering-first mindset with strong attention to detail.
• Problem-solving orientation with a focus on automation and efficiency.
• Structured, methodical, and reliable approach to delivery.
• Commitment to operational excellence and continuous improvement.

Who you are: