**Roles and Responsibilities**
- Architect, implement, and maintain Security Orchestration, Automation, and Response (SOAR) solutions, developing custom automation playbooks, scripts, and integrations across EDR, ITP, DLP, IAM, and cloud environments to optimize and scale cybersecurity operations.
- Leverage AI and ML technologies to improve event correlation, detection accuracy, and decision-making efficiency within the SOC ecosystem, integrating automation pipelines with SIEM platforms (e.g., Splunk, Sumo Logic) to enrich alerts and reduce false positives.
- Design and maintain REST API-based integrations between security, IT, and business systems, and develop automation scripts using Python, PowerShell, or Bash to streamline investigation and remediation tasks.
- Collaborate with SOC, Incident Response, and Threat Hunting teams to identify repetitive processes and automate triage, containment, and recovery workflows.
- Partner with IT, Engineering, and Cloud Operations teams to integrate automated security controls into CI/CD and DevOps pipelines.
- Create dashboards, metrics, and reporting mechanisms to measure automation efficiency, performance, and operational outcomes.
- Maintain and document playbooks, workflows, and standard operating procedures (SOPs) to ensure repeatability, quality, and compliance, while providing technical mentorship to promote automation-first practices across security teams.
- Collaborate with Security Engineering leadership to align automation initiatives with the organization's global cybersecurity strategy and evaluate emerging AI-driven and cloud-native security automation technologies.