Senior Automation Engineer (SOAR, Hyper-Automation)

  • Colombo, Sri Lanka
  • Full-Time
  • On-Site

Job Description

  • Develop, implement, and improve automation workflows using hyperautomation or SOAR platforms such as XSOAR, Splunk SOAR, LogicHub, or Swimlane.
  • Build and maintain API integrations between security tools including SIEMs, EDR/XDR platforms, cloud systems, and case management tools.
  • Work extensively with JSON data, including parsing, transformation, and schema design to enable efficient data exchange.
  • Improve incident response automation to reduce response time (MTTR) and enhance security event correlation.
  • Design scalable and reliable automation workflows that can support large multi-client environments.
  • Support and maintain CI/CD pipelines within SOAR or automation platforms.
  • Collaborate with SOC analysts, DFIR teams, and threat intelligence teams to enhance automation effectiveness.
  • Lead or support migration of automation platforms with minimal impact on operations.
  • Continuously explore and implement new automation techniques to improve SOC and MSSP workflows.

Requirements

  • At least 1 year of experience in security automation, SOAR engineering, or cybersecurity automation in MSSP, DFIR, or enterprise environments.
  • Strong knowledge of JSON including parsing, schema design, and data transformation.
  • Good scripting skills in Python, PowerShell, JavaScript, or Bash.
  • Experience working with REST APIs, webhooks, and API integrations.
  • Familiarity with SIEM tools (Splunk, Microsoft Sentinel, QRadar, Rapid7, etc.).
  • Experience with EDR/XDR tools such as CrowdStrike, SentinelOne, Cortex XDR, or similar platforms.
  • Basic understanding of incident response, threat intelligence, and security lifecycle management.
  • Knowledge of Ansible and DevOps practices.

Nice-to-Have Skills

  • Experience in MSSP or multi-client security environments.
  • Hands-on experience with SOAR platforms such as XSOAR, Splunk SOAR, or similar tools.
  • Certifications like CompTIA Security+ or AWS/Azure security certifications.
  • Experience with jq for JSON processing.
  • Familiarity with CI/CD tools such as Azure DevOps.
  • Exposure to cloud security automation (AWS, Azure, Google Cloud).
  • Experience in case management automation and data normalization across tools.
  • Experience leading SOAR migration or building custom security playbooks.