Role: Lead Security Automation Engineer
Primary Location: Colombo
Job Type: Full-time
About the Role
Our client is seeking a Lead Security Automation Engineer to design and optimize automation workflows across SOAR platforms, integrate APIs between security tools and cloud systems, and streamline incident response. The role involves building scalable, fault-tolerant processes, leading migration projects, and collaborating with SOC, DFIR, and threat intelligence teams to enhance security operations.
Key Responsibilities and Accountabilities
• Develop and optimize automation workflows within Torq Hyperautomation or other SOAR platforms such as XSOAR, Splunk SOAR, LogicHub, Swimlane
• Build API integrations between security tools such as SIEMs, EDRs, XDRs, case management systems, and cloud platforms
• Extensively work with JSON formatting, parsing, and data transformations to enable seamless data exchange across multiple security platforms
• Streamline incident response automation to improve efficiency, reduce MTTR, and enhance security event correlation
• Design and maintain fault-tolerant automation processes that scale across thousands of clients
• Maintain and optimize CI/CD pipeline infrastructure within a SOAR platform
• Collaborate with SOC analysts, DFIR teams, and threat intelligence groups to refine and enhance automation capabilities
• Lead migration projects to improve automation platforms, ensuring seamless transitions without impacting security operations
• Continuously evaluate and implement emerging automation techniques to enhance SOC and MSSP workflows
Skills and Ability
Must Have Skills and Experience
• 1+ years of experience in security automation, SOAR engineering, or cybersecurity automation within an MSSP, DFIR, or enterprise security environment
• Extensive experience working with JSON, including JSON Schema
• Strong scripting skills in Python, PowerShell, or Bash for workflow automation
• Proficiency in API development and integration, including RESTful APIs, JSON-based APIs, and webhook automation
• Experience working with SIEMs such as Splunk, Sentinel, QRadar, Rapid7 IDR, and EDR or XDR tools such as CrowdStrike, SentinelOne, Stellar Cyber, Cortex XDR
• Knowledge of incident response, threat intelligence, and security event lifecycle management
Nice to Have Skills
• Experience in multi-client environments, MSSP, IR firms, or security service providers
• Hands-on experience with Torq Hyperautomation, XSOAR, Splunk SOAR, or similar platforms
• Certifications such as Torq SOAR Analyst, Torq SOAR Expert, CompTIA Security+, AWS, or Azure security certifications
• Proficiency in using jq filters for data manipulation
• Familiarity with CI/CD pipelines such as Azure DevOps
• Experience automating cloud security workflows on AWS, Azure, or Google Cloud
• Familiarity with case management automation and cross-platform data normalization
• Prior experience leading SOAR migration projects or developing custom security playbooks.