Build and maintain automation playbooks for alert triage, IOC enrichment, ticket creation, and escalation workflows using platforms like n8n, Tines, or XSOAR.
Develop Python/PowerShell scripts for API integrations, log parsing, and automated response actions.
Integrate security tools including SIEM, EDR, threat intel platforms (VirusTotal, AbuseIPDB), and ticketing systems (Jira, ServiceNow) via REST APIs.
Parse and normalize data across JSON and Syslog formats for use in automation pipelines.
Handle webhook configurations and event-driven triggers for real-time automation.
Troubleshoot failed workflows, perform root cause analysis, and maintain pipeline reliability.
Document all workflows, playbooks, and API configurations in a Git repository.
Collaborate with SOC analysts to identify manual processes suitable for automation.
Technical Skills — Must Have
Proficiency in Python/JS scripting — API calls, data parsing, error handling.
Strong understanding of REST APIs — authentication (API keys, OAuth, Bearer tokens), request handling, and response parsing.
Solid grasp of JSON and data transformation across formats.
Comfort with Linux CLI — log inspection, file handling, running scripts.
Basic understanding of networking fundamentals — DNS, HTTP/S, ports, protocols.
Awareness of common attack types and IOCs — phishing, malware, brute force.
Tools — Exposure Expected
Conceptual understanding of what a SIEM is and how it functions — log aggregation, alert generation, correlation rules, and its role in a SOC environment. Hands-on exposure is a plus.
Basic Git usage — commits, branching, pull requests.