
Security Automation Architect – SIEM/SOAR, AI
Posted 5 days ago

Posted 5 days ago
This is a fully remote position, open to applicants in Spain.
• Transformation of security operations center (SOC) using AI technologies.
• Evaluate existing SOC operational frameworks, including L1/L2 activities, escalation protocols, and response strategies.
• Discover avenues to automate, enhance, or restructure detection and response workflows utilizing AI-driven automation and agentic processes.
• Convert analyst expertise into organized, reusable, and automatable workflows.
• Specify how AI agents can assist in alert triage, enrichment, investigation, prioritization, and response.
• Set clear distinctions between autonomous actions, AI-assisted suggestions, and human decision-making points.
• Aid organizations in transitioning from conventional SOC methodologies to AI-enhanced security operations.
• Design automation architecture for detection and response.
• Create automation templates for typical detection and response scenarios.
• Transform incident response playbooks into structured workflows.
• Establish decision trees, enrichment processes, evidence criteria, and output formats.
• Assist in creating automated triage, reducing false positives, and prioritizing incidents.
• Develop reusable frameworks for investigation, containment, escalation, and reporting.
• Ensure that automation is dependable, transparent, and useful operationally for SOC teams.
• Design agentic security operations.
• Define roles, responsibilities, permissions, and operational boundaries for agents.
• Create human-in-the-loop models for sensitive or significant actions.
• Establish approval workflows, escalation routes, and confidence thresholds.
• Guarantee that agent recommendations are understandable, traceable, and auditable.
• Specify logging and evidence requirements for AI-supported decisions.
• Identify and alleviate risks such as unsafe automation, hallucinations, excessive permissions, prompt injections, data leaks, or incorrect response actions.
• Collaborate with AI engineering teams to ensure that agentic workflows are secure, controlled, and aligned with security operations requirements.
• Integrate SIEM, SOAR, and security tools.
• Implement a human-in-the-loop operational model.
• Focus on continuous improvement and operational effectiveness.
• Over 6 years of experience in cybersecurity, with a solid background in Detection & Response, SOC operations, security automation, SIEM engineering, or security architecture.
• Demonstrated experience in designing or implementing AI automation, AI-assisted workflows, agentic automation, or AI-driven operational processes.
• Strong comprehension of the operational dynamics within modern SOCs across L1, L2, and L3 functions.
• Experience in developing or refining detection use cases, triage methodologies, incident response protocols, and SOC playbooks.
• Practical experience with SIEM and/or SOAR platforms.
• Capability to translate analyst procedures into organized workflows, decision trees, and automation specifications.
• Robust understanding of alert enrichment, case management, incident lifecycle management, and escalation procedures.
• Practical knowledge of identity, permissions, API integrations, and secure automation design.
• Ability to collaborate effectively with SOC analysts, security architects, engineering teams, and senior client stakeholders.
• Strong documentation capabilities, particularly concerning operational procedures, use case specifications, and technical architecture.
• Proficiency in designing automation that operates effectively in real SOC environments, beyond theoretical models.
• **Desirable experience includes:**
• Microsoft Sentinel, Defender XDR, or Microsoft Security Copilot.
• Microsoft Foundry or Azure AI-based automation.
• Agentic AI workflows in cybersecurity or IT operations.
• Loop generation and maintenance.
• SOC automation / SOAR implementation.
• Logic Apps, Azure Functions, or automation runbooks.
• KQL, SPL, or equivalent SIEM query languages.
• Detection engineering and MITRE ATT&CK mapping.
• Threat intelligence enrichment.
• Automation of incident response.
• XDR / EDR platforms and cloud security operations.
• Integration of case management.
• Transformation programs for enterprise SOCs.
• Operating models for MDR/MSSP.
• Purple teaming or validation of detection.
• DevSecOps or infrastructure automation.
• GRC/control evidence automation for security operations.
• Competitive salary based on market standards and your experience 🤑
• Flexible work schedule of 35 hours per week 😎
• Option for fully remote work 🌍
• Flexible compensation for dining, transportation, and childcare ✌
• Comprehensive health insurance at no cost, with a copayment for dental services 🚑
• Individual budget allocated for training or equipment, along with free Microsoft certifications 📚
• English language lessons 🗽
• A day off for your birthday 🌴🥳
• Monthly bonuses to cover electricity and internet costs at home 💻
• Discounts on gym memberships and sports activities 🔝
• Annual team-building event called Plain Camp 🎪
• Additional perks include event attendance, guest speakers, welcome packs, baby baskets, Christmas baskets, and an employee discount portal ➕ Enjoy the opportunity to work with cutting-edge technological tools!
BorderlessMind
CARE
Truelogic Software
Actian
Get handpicked remote jobs straight to your inbox weekly.