XSOAR Security Automation Engineer

XSoar Security Automation Engineer

12 week project, one travel day into San Diego for the kick-off, then fully remote

Core Responsibilities (XSOAR Ownership)

• Design, build, and optimize Cortex XSOAR playbooks aligned to defined SOC use cases.
• Implement and maintain XSOAR ingestion and response workflows for incidents originating from Splunk Enterprise Security.
• Configure and manage bidirectional incident mirroring and field mapping between XSOAR and Splunk Enterprise Security.
• Develop and maintain XSOAR automations and scripts (Python-based) to support enrichment, routing, and response actions.
• Integrate XSOAR with Microsoft Defender and Proofpoint for phishing and security event enrichment.
• Implement workflow logic for phishing triage, investigation, and response actions within XSOAR.
• Ensure error handling, retries, idempotency, and audit logging are implemented to support production SOC operations.
• Tune incident layouts, task structures, and playbook UX based on SOC analyst feedback.
• Participate in sprint demos, working sessions, and feedback cycles focused on XSOAR functionality.
• Produce XSOAR-specific operational documentation including playbook runbooks and configuration notes.
• Provide post-deployment tuning and hyper-care support for XSOAR workflows.

Explicitly Out of Scope for This Role

• Overall solution architecture and platform-wide design decisions (owned by Lead Architect).
• Security control definition, compliance interpretation, and governance (owned by Security Architect).
• LLM prompt engineering, AI model development, or summarization logic (owned by LLM Developer).
• Program management, stakeholder management, or delivery leadership responsibilities. Required Qualifications
• 3–7 years of experience in Security Operations, Security Engineering, or SOAR-focused roles.
• Hands-on, production experience with Palo Alto Networks Cortex XSOAR including playbook development and integrations.
• Experience integrating XSOAR with SIEM platforms, preferably Splunk Enterprise Security.
• Proficiency in Python for XSOAR automations and API-based integrations.
• Experience implementing phishing response workflows and email security automations.
• Strong understanding of SOC workflows, incident triage, and analyst operations.
• Experience working in agile or sprint-based delivery models.
• Ability to operate independently as the sole XSOAR-focused engineer while collaborating with adjacent roles.

Preferred Qualifications

• Prior experience acting as the primary XSOAR engineer on an enterprise SOC implementation.
• Experience supporting regulated or compliance-driven environments.
• Consulting or professional services delivery background.

Experience stabilizing and supporting SOAR platforms in production environments