Security Automation Architect (SIEM/SOAR & AI)
New
P
Plain ConceptsCybersecurity
SpainFull-TimeSenior
Salary not disclosed
Apply NowOpens the employer's application page
Job Details
- Experience
- 6+ years
- Required Skills
- QA Automation
Requirements
- 6+ years of experience in cybersecurity with a focus on Detection & Response, SOC operations, and security automation.
- Hands-on experience designing or implementing SIEM and/or SOAR platforms.
- Proven experience in AI-assisted workflows, agentic automation, or AI-enabled operational processes.
- Strong understanding of modern SOC operations across L1, L2, and L3 functions.
- Practical knowledge of identity, permissions, API integrations, and secure automation design.
- Experience developing detection use cases, incident response procedures, and SOC playbooks.
- Strong documentation skills for operational procedures, use case specifications, and technical architecture.
- Ability to work effectively with cross-functional stakeholders including analysts and engineering teams.
- Familiarity with query languages like KQL or SPL and MITRE ATT&CK framework.
- Understanding of alert enrichment, case management, and incident lifecycle management.
Responsibilities
- Analyze current SOC operating models and escalation flows to identify opportunities for AI-driven automation.
- Translate analyst procedures into structured, reusable, and automatable workflows and decision trees.
- Define AI agent roles, permissions, and human-in-the-loop models for sensitive security actions.
- Architect automation blueprints for detection, triage, incident response, and false-positive reduction.
- Mitigate risks related to automated security processes, such as prompt injection, data leakage, and hallucinations.
- Collaborate with security analysts, architects, and engineering teams to implement and refine SOC tooling integrations.
View Full Description & ApplyYou'll be redirected to the employer's site