You will join our Security Automation team to eliminate toil, accelerate incident response, and measurably reduce risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (Logic Apps/Playbooks) that streamline day-to-day IR activities and reduce MTTA/MTTR and analyst effort.
What will you do?
Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.
Job Requirements
What do you need to succeed?
4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years of hands-on experience with ServiceNow automations.
Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.