Job Title: SOAR Engineer – Microsoft Sentinel & Automation Development
Job Description:
We are looking for a dynamic SOAR Engineer to join our cybersecurity team, specializing in automation and orchestration using Microsoft Sentinel. The ideal candidate will have deep expertise in developing Logic App playbooks and hands-on experience with Power Automate, Power Apps, Python scripting, and Microsoft Security Copilot. This role demands a strong development mindset to build scalable, secure, and efficient automation workflows that enhance incident response and SOC efficiency.
Key Responsibilities:
Design, develop, and maintain SOAR playbooks using Azure Logic Apps in Sentinel.
Automate threat response, enrichment, and remediation tasks by integrating external APIs and tools.
Build custom solutions using Python, Power Automate, Power Apps, and REST APIs.
Collaborate with security analysts to translate manual tasks into automated workflows.
Integrate Microsoft Security Copilot capabilities into response operations.
Maintain version control and documentation of automation logic and scripts.
Ensure proper RBAC and security controls in all automations.
Required Skills:
3+ years of experience with Microsoft Sentinel and Logic Apps.
Strong scripting and automation skills in Python, PowerShell, or Bash.
Experience with REST APIs, webhooks, JSON, and OAuth.
Hands-on with Power Platform: Power Automate, Power Apps.
Familiarity with Microsoft Security Copilot and its integration use cases.
Understanding of incident lifecycle, MITRE ATT&CK, and security operations workflows.
Nice to Have:
Experience with other SOAR platforms like Palo Alto XSOAR, Splunk SOAR, or Tines.
Azure Functions, Bicep/ARM templates knowledge.
Familiarity with secure coding practices and DevOps pipelines.
Soft Skills:
Problem-solving mindset with the ability to work independently.
Strong documentation and knowledge-sharing skills.
Effective communication to work with SOC teams, clients, and engineering teams.
