Automation / SOAR Engineer – Senior

Location: National Capital Region (Washington, DC) – Hybrid/Onsite
Clearance: Must be able to pass background check (US work authorization required)

Salary: $150,000-$160,000

Position Overview

We are seeking a Senior Automation / SOAR Engineer to support enterprise cybersecurity operations by designing, implementing, and optimizing security automation and orchestration capabilities. This role is focused on improving incident response speed, consistency, and operational efficiency through the development of automated workflows, integrations, and playbooks across security platforms.

Key Responsibilities

• Design, develop, test, and maintain SOAR playbooks and automated security workflows
• Integrate SOAR and SIEM platforms with:
  • Ticketing systems (ServiceNow, etc.)
  • Endpoint security tools
  • Identity and access systems
  • Vulnerability management platforms
  • Threat intelligence feeds
• Automate incident response activities including:
  • Alert triage
  • Data enrichment
  • Case routing and escalation
  • Documentation and reporting
• Develop automation scripts and integrations using Python, PowerShell, Bash, REST APIs, and similar technologies
• Collaborate with SOC analysts, incident responders, and stakeholders to identify automation opportunities
• Optimize workflows to reduce false positives and manual workload
• Maintain documentation, SOPs, implementation plans, and training materials
• Track and report automation performance, effectiveness, and operational improvements

Required Qualifications

• 5–8+ years of experience in:
  • Cybersecurity engineering
  • SOC operations or automation
  • SOAR/SIEM implementation
• 3+ years of hands-on experience building:
  • Security automation workflows
  • Playbooks and orchestration capabilities
• Experience integrating SOAR/SIEM with enterprise security tools and systems
• Experience supporting automation in:
  • Incident response
  • Alert triage and enrichment
  • Case management

Technical Skills

• Strong scripting and automation experience:
  • Python, PowerShell, Bash
  • REST APIs, JSON, webhooks
  • Git or version control
• Experience with security tools such as:
  • Splunk, Microsoft Sentinel, Elastic
  • CrowdStrike, Microsoft Defender (MDE)
  • Tenable, Rapid7
  • ServiceNow, Tanium
• Experience building automation for:
  • Phishing response
  • Endpoint alert enrichment
  • Vulnerability workflows
  • Incident routing and escalation

Education

• Bachelor’s degree in Cybersecurity, IT, Computer Science, Engineering, or related field (or equivalent experience)

Certifications (Preferred)

• SOAR / SIEM / Security certifications such as:
  • Cortex XSOAR, Splunk SOAR, Swimlane
  • Microsoft Sentinel
  • CISSP, CASP+, CySA+, Security+
  • Cloud security certifications

Additional Qualifications

• Knowledge of:
  • MITRE ATT&CK framework
  • NIST 800-61 incident response lifecycle
  • SOC operational processes
• Ability to document workflows and train SOC teams
• Strong analytical and problem-solving skills

Nice to Have

• Experience in federal or regulated environments
• Familiarity with enterprise-scale cybersecurity operations
• Experience optimizing SOC performance metrics

Ideal Candidate Profile

• Hands-on builder (not just admin) of automation/playbooks
• Strong integration/API background
• Experienced in operational SOC environments
• Comfortable working cross-functionally with engineering and operations