SOC Automation Engineer

As a SOC Automation Engineer, you will apply hands-on engineering expertise to design, build, and optimise automation workflows that improve the scalability and efficiency of SOC services. Working across SIEM, endpoint, and orchestration platforms (primarily Palo Alto XSOAR), you will reduce analyst workload, accelerate incident response, and enhance decision-making across customer environments.

Key Responsibilities

- Automation Development - Design, build, and maintain scalable automation workflows across detection and response platforms.
- Integration & Orchestration - Deliver cross-platform automation enabling fast, reliable response actions.
- Lifecycle Management - Develop, deploy, and continuously optimise automation for performance, resilience, and coverage.
- Collaboration & Requirements Gathering - Work with SOC and engineering teams to identify automation opportunities.
- Documentation - Produce clear documentation to support delivery, troubleshooting, and continuous improvement.
- Automation Planning - Contribute to automation roadmaps, threat modelling, and use case development.
- Pre-Sales Support - Assist with demos, scoping, and proof-of-value activities where required.

Core Duties

Automation Design & Development
- Build and maintain workflows across SIEM, EDR, and SOAR platforms
- Develop reusable scripts, templates, and components
- Ensure solutions support secure, multi-tenant environments

Integration & Response Automation
- Orchestrate containment, enrichment, and remediation actions
- Integrate with threat intelligence, cloud, vulnerability, and reporting tools
- Partner with analysts to map and automate response processes

Lifecycle Management & Optimisation
- Manage automation from design through to optimisation
- Troubleshoot failures and refine logic
- Use post-incident insights to improve workflows

Documentation & Standards
- Maintain clear documentation of workflows, dependencies, and error handling
- Ensure consistency and usability for wider teams

Strategic Contribution
- Support use cases aligned to threat modelling and MITRE ATT&CK
- Contribute to automation playbooks and response strategies
- Stay current with tools, frameworks, and emerging threats

Collaboration
- Embed automation into SOC workflows
- Share best practices and support team development

Pre-Sales
- Support workshops, onboarding, and solution design where needed

Stakeholder Collaboration

- SOC Analysts - Automate repeatable triage and response activities
- Platform & Detection Engineers - Integrate automation into tooling and detections
- Sales & Pre-Sales - Provide technical input for customer solutions

Requirements

- 2+ years' experience in SOC, automation, or cloud security engineering
- Experience in managed services or multi-tenant environments
- Strong experience building automations across SIEM, SOAR, or EDR platforms
- Proficiency in scripting (e.g., Python, PowerShell)
- Experience working with APIs, webhooks, and authentication methods
- Knowledge of threat frameworks (e.g., MITRE ATT&CK)
- Understanding of cloud security, identity, and event-driven automation
- Strong communication and analytical skills

Security clearance (NPPV and/or SC) may be required.

Technical Knowledge

- Security orchestration and automation principles
- Scripting and integration patterns (APIs, webhooks)
- SOC detection and response workflows
- Threat intelligence integration and use case design
- Cloud and identity security concepts
- Multi-tenant automation design

Certifications

Essential:
- Hands-on experience with Palo Alto XSOAR

Desirable:
- Palo Alto Networks Certified XSOAR Engineer
- Palo Alto Networks Certified Security Automation Engineer (PCSAE)
- Palo Alto Networks Security Operations Professional