A job at Proximus? You’ll find that everything revolves around the idea ‘Think Possible’. This means: we always assume that something is possible, even if it seems impossible. Well, especially so, actually. Call it a way of thinking that involves being open to a world of digital solutions that make our lives easier. And our way of working smarter.
We are Team possible – the people behind Davinsi Labs, Proximus, Proximus NXT, Codit, Proximus Ada, and more. Nice to see you here!
United by a shared purpose, we’re building a smarter, trustful and more connected world.
That means embracing technology and celebrating change. We think possible and then make it possible. And of course, we love what we do.
Sounds like your kind of place?
Your job
What can you expect from the job?
You will join our Managed Detection & Response (MDR) teams with a strong focus on security automation and orchestration. As a Security Automation Engineer, your primary responsibility is to design, build, and maintain automated response capabilities using Palo Alto Cortex XSOAR.
Your work will directly impact how efficiently and consistently security incidents are handled across complex customer environments. You will help scale our MDR service by translating detection signals into automated, reliable, and auditable response workflows.
We strongly believe in SOAR as code: automation content is version-controlled, tested, and continuously improved.
You will contribute to and integrate with the following technologies:
1. Palo Alto Cortex XSOAR
2. Microsoft Defender XDR and other XDR platforms
3. SIEM platforms (Microsoft Sentinel and others)
4. ITSM platforms (ServiceNow and equivalents)
5. Cloud, identity, network, and third-party security tooling
Key Responsibilities
Security Automation & Playbook Development
6. Design, build, and maintain response playbooks in Cortex XSOAR for common and advanced security incidents.
7. Translate detection alerts from SIEM and XDR platforms into automated investigation and response flows.
8. Implement conditional logic, enrichment steps, human-in-the-loop approvals, and automated containment actions.
SOAR as Code
9. Manage playbooks, integrations, scripts, and content packs using version control (Git).
10. Apply software engineering best practices such as modularity, reusability, testing, and peer review.
11. Contribute to standardized automation frameworks that can be reused across customers.
Platform Integrations
12. Build and maintain integrations between XSOAR and: SIEM platforms o XDR / EDR solutions ITSM tools (incident creation, updates, closures) o Identity, network, and cloud security controls
13. Troubleshoot and optimize integrations for reliability, performance, and scalability.
Incident Response Enablement
14. Collaborate closely with Detection Engineering and Incident Response teams to define: Automated investigation steps o Response actions and containment strategies o Escalation and handover points to analysts
15. Continuously improve response quality based on real incident feedback.
Automation Lifecycle Management
16. Maintain and evolve our automation content library.
17. Tune playbooks to reduce noise, false positives, and manual effort.
18. Ensure automation aligns with customer environments, risk appetite, and operational maturity.
Documentation & Knowledge Sharing
19. Produce clear, structured documentation for playbooks, integrations, and response logic.
20. Enable SOC analysts to understand, trust, and effectively use automated responses.
21. Share best practices and lessons learned across teams.
Subject Matter Expertise
22. Act as a trusted advisor for customers and internal teams on SOAR and security automation.
23. Stay up-to-date with new XSOAR features, response techniques, and industry trends in automated incident response.
Your Profile
Your profile
24. You are passionate about IT security and automation, with several years of relevant professional experience.
25. You have hands-on experience with SOAR platforms, preferably Palo Alto Cortex XSOAR.
26. You are comfortable building response playbooks and automations end-toend.
27. You strongly believe in automation as code and have experience with Gitbased workflows.
28. Basic system engineering knowledge (Windows, Linux, networking, identity) is a plus.
29. You have experience integrating security platforms such as SIEM, XDR, EDR, IAM, or ITSM tools.
30. You understand security operations and incident response processes.
31. Experience with scripting (Python, JavaScript) is a strong plus.
32. You communicate smoothly in Dutch and English (written and oral). French is a plus.
33. You are analytical, structured, and not afraid to challenge existing processes to improve them.
This is what to expect
34. Drive positive change with confidence, turning bold ideas into solutions to remain at the forefront of technology
35. Keep on learning, evolving, and building your career in a digital space that truly supports your growth journey
36. Real connections power real progress. Collaboration is how you will transform challenges into new opportunities.
37. Be welcomed for exactly who you are. Your unique perspective and identity will strengthen our team.
38. Design your balance with work options and a culture that lets you excel in your role and enjoy life outside of work.
39. Enjoy bonus, medical coverage, flexible mobility options, family-friendly perks, meal vouchers, telecom discounts, and other cool benefits designed to support you every step of the way.
The salary is based on a clear salary scale, which takes into account professional experience, skills, and seniority. The recruiter will inform you of the applicable range before the first interview.
Want to dive deeper? Learn more about our culture & our benefits
About us
Davinsi Labs, part of Proximus Group and based in Antwerp, specializes in Digital Service Intelligence by helping businesses securely manage and optimize their data and digital services to enable accurate, real-time, data-driven decisions through solutions in security intelligence, operational intelligence, and digital business intelligence.
What do we offer you?
40. We are 100% Belgian. So we make decisions in three languages. And all at the same time if you like!
41. We are open to everyone: M, W, X, and in fact all the other letters of the alphabet.
42. We encourage personal growth. At the Proximus Academy, you won't even want to miss a session.
43. We are, of course, committed to sustainability. What else did you think?
44. We firmly believe that working together is important, but that having fun together is even more so. That is why we regularly organise fun activities. (Please let us know if you have a talent for playing Santa Claus!)
45. We believe in responsibility. Also in yours. For example, you can take it to launch your own initiatives.
46. We put our customers first. And because we are all customers somewhere, you already know what that means. That’s good.
47. And the ever-important work-life balance? We keep it in the right place.
Naturally we have a competitive salary package for you. Click (or apply) to discover what else we offer.