Security Automation Engineer

Why we're hiring:

The Automation Engineer is responsible for designing, developing, and maintaining security automation solutions that enhance detection, response, workflow efficiency, and operational consistency across Operational Security. Working under the Automation Lead, this role builds high-quality SOAR playbooks, integrations, scripts, AI-assisted workflows, and orchestration pipelines to reduce manual workloads and support the Autonomic Security Operations (ASO) model.

What you'll be doing:

Core Responsibilities

Automation Engineering & Development

• Develop SOAR playbooks, workflows, and automations for alert triage, enrichment, containment, and remediation.
• Build scalable, reusable automation components, scripts, and integrations.
• Implement high-quality scripting using Python, PowerShell, and REST APIs.
• Ensure appropriate version control, QA, testing, and documentation of automation artefacts.
• Maintain reliability of automations by monitoring performance, exceptions, and system behaviour.

Platform Integration & Tooling Engineering

• Integrate SOAR with SIEM, EDR, TIP, cloud-native security tools, and case management systems.
• Engineer automation pipelines to support Microsoft and Google security ecosystems.
• Develop API integrations, webhooks, and event-driven automation triggers.
• Support data transformation, enrichment, and telemetry orchestration requirements.

AI / ML Automation Enablement

• Contribute to embedding AI/ML-driven enrichment and correlation logic into automated workflows.
• Support operationalisation of ML models for anomaly detection and decision support.
• Collaborate with data and detection teams to refine and enhance AI-enabled automation.

Workflow Engineering & Process Automation

• Translate SOPs, response runbooks, and detection workflows into automated processes.
• Identify automation opportunities to eliminate manual tasks across SecOps functions.
• Ensure automated processes remain consistent, auditable, and compliant with Operational Security standards.

Operational Collaboration & Support

• Work with Detection Engineering, Incident Response, Threat Hunting, and Threat Intelligence teams to automate use cases.
• Participate in post-incident reviews and embed improvements into automation workflows.
• Assist with tool evaluations, optimisation initiatives, and integration efforts led by the Automation Lead.

Continuous Improvement

• Contribute to a backlog of automation enhancements and new capabilities.
• Optimise accuracy, resilience, and efficiency across automation workflows.
• Ensure alignment with GCAT SOC10x principles, including 10X Technology, Process, Speed, and Visibility.

What you'll need:

Technical Expertise

• Experience with SOAR platforms such as Cortex XSOAR, Splunk SOAR, or Chronicle SOAR.
• Proficiency in Python and/or PowerShell for automation development.
• Strong understanding of REST APIs, JSON, and event-driven automation.
• Experience integrating SIEM, EDR, TIP, and cloud-native security tools.

Process & Operational Knowledge

• Understanding of workflows across SOC, Incident Response, Threat Hunting, and Detection Engineering.
• Ability to convert operational requirements and SOPs into engineered automation.
• Familiarity with playbooks, runbooks, and security process governance.

Collaboration & Delivery

• Strong communication and documentation skills.
• Ability to work in an engineering-led, automation-first culture.
• Experience working with cross-functional technical teams in security operations.

Certifications (Preferred)

• SOAR platform certifications.
• GIAC (GMON, GCTI, GCIH, GCDA).
• Python or scripting certifications.
• Azure or GCP cloud certifications.

Key Attributes

• Engineering-first mindset with strong attention to detail.
• Problem-solving orientation with a focus on automation and efficiency.
• Structured, methodical, and reliable approach to delivery.
• Commitment to operational excellence and continuous improvement.

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Hybrid