Automation Engineer (Security)
Role Overview
* Job Title: Automation Engineer (Security)
* Department: Technology
* Reports to: Head of Information Security
* Location: Hybrid, London (3 days a week in the office)
* Salary: £70,000 to £80,000 base
The Position
This is a hands-on, builder-focused role centered on designing, building, and shipping AI and automation solutions to scale the security team's capabilities. You will focus on replacing manual, repetitive security work with reliable automated workflows and intelligent agents. Rather than triaging alerts by hand, you will build the systems that triage them, integrating security tooling and wiring up LLM-driven pipelines to keep the business safe without slowing it down.
Key Responsibilities
* Security Automation Engineering:
  * Design, build, and maintain automation to remove manual toil across detection, triage, response, and reporting.
  * Integrate security tooling (SIEM, EDR, IAM, cloud, ticketing) into seamless, reliable workflows.
  * Build and maintain SOAR-style playbooks and pipelines for enrichment, containment, and response.
  * Own the deployment, monitoring, and reliability of the automation tools you ship.
* AI & Agent Development:
  * Build LLM-powered tools and autonomous agents for alert triage, threat summarization, runbook generation, and incident documentation.
  * Develop and refine prompts, guardrails, and evaluations to ensure AI workflows are safe and dependable in production.
  * Prototype, test, and ship AI-assisted approaches to threat hunting, log analysis, and security operations.
* Tooling & Integrations:
  * Develop integrations and APIs connecting security tools to internal systems and data sources.
  * Write clean, maintainable, and well-tested code.
  * Maintain and improve internal libraries, documentation, and shared automation infrastructure.
* Collaboration & Enablement:
  * Partner with the security team to identify the highest-leverage automation opportunities.
  * Document workflows clearly so the team can operate, trust, and extend your builds.
  * Automate evidence collection and control testing for compliance frameworks (ISO 27001, SOC 2, NIST CSF).
Requirements
* 2–4 years of experience in software engineering, automation/DevOps, security engineering, or a related hands-on building role (including internships or apprenticeships).
* Strong scripting and programming skills, particularly in Python, with a track record of building API integrations.
* Experience building automation workflows using SOAR platforms, CI/CD, or workflow orchestration tools (e.g., n8n, Tines, Zapier).
* Practical, hands-on experience building with LLMs (APIs, prompt engineering, and ideally agents), rather than just using them as chat assistants.
* Comfortable working in cloud environments, particularly AWS, with an understanding of IAM, logging, and serverless or container-based deployment.
* A solid grasp of core security concepts (incident response lifecycle, common vulnerability classes, MITRE ATT&CK framework), or the drive to ramp up quickly.
* Clear written and verbal communication in English, with the ability to document systems for both technical and non-technical audiences.
Good to Have
* Experience with SOAR or workflow-automation platforms like Tines, Torq, or n8n.
* Hands-on experience deploying AI agents or LLM-powered applications in production.
* Familiarity with security tooling such as SIEM, EDR, WAF, or vulnerability scanners (e.g., Semgrep, SonarQube, Coana).
* Experience with infrastructure-as-code (Terraform), containers, and CI/CD pipelines.
* Familiarity with compliance frameworks like ISO 27001, SOC 2, or NIST CSF.