Security Automation Engineer (SOAR/XSOAR)
Role focused on designing, building, and maintaining automated response capabilities using Palo Alto Cortex XSOAR within a Managed Detection & Response (MDR) context. The position emphasizes security automation, orchestration, and automation content that is version-controlled, tested, and continuously improved.
Key Responsibilities
Security Automation & Playbook Development
* Design, build, and maintain response playbooks in Cortex XSOAR for common and advanced security incidents.
* Translate detection alerts from SIEM and XDR platforms into automated investigation and response flows.
* Implement conditional logic, enrichment steps, human-in-the-loop approvals, and automated containment actions.
SOAR as Code
* Manage playbooks, integrations, scripts, and content packs using version control (Git).
* Apply software engineering best practices such as modularity, reusability, testing, and peer review.
* Contribute to standardized automation frameworks that can be reused across customers.
Platform Integrations
* Build and maintain integrations between XSOAR and SIEM/XDR/EDR, ITSM tools, identity, network, and cloud security controls.
* Troubleshoot and optimize integrations for reliability, performance, and scalability.
* Collaborate with Detection Engineering and Incident Response teams to define automated investigation steps, response actions and containment strategies, and escalation and handover points to analysts.
* Continuously improve response quality based on real incident feedback.
Automation Lifecycle Management
* Maintain and evolve the automation content library.
* Tune playbooks to reduce noise, false positives, and manual effort.
* Ensure automation aligns with customer environments, risk appetite, and operational maturity.
Documentation & Knowledge Sharing
* Produce clear, structured documentation for playbooks, integrations, and response logic.
* Enable SOC analysts to understand, trust, and effectively use automated responses.
* Share best practices and lessons learned across teams.
Subject Matter Expertise
* Act as a trusted advisor for customers and internal teams on SOAR and security automation.
* Stay up to date with new XSOAR features, response techniques, and industry trends in automated incident response.
Your Profile
* You are passionate about IT security and automation, with several years of relevant professional experience.
* You have hands-on experience with SOAR platforms, preferably Palo Alto Cortex XSOAR.
* You are comfortable building response playbooks and automations end-to-end.
* You strongly believe in automation as code and have experience with Git-based workflows.
* Basic system engineering knowledge (Windows, Linux, networking, identity) is a plus.
* You have experience integrating security platforms such as SIEM, XDR, EDR, IAM, or ITSM tools.
* You understand security operations and incident response processes.
* You communicate smoothly in Dutch and English (written and oral). French is a plus.
* You are analytical, structured, and not afraid to challenge existing processes to improve them.