SOC Automation Engineer (Python / SOAR / LLM Integrations)

• Design, build, and maintain SOC automation workflows for L1 triage, alert enrichment, and response using SOAR tools (Cortex XSOAR, Splunk SOAR, n8n, etc.)
• Develop modular, agent-based pipelines using Python or TypeScript (ideally event-driven or orchestrated via n8n, Apache Airflow, etc.)
• Integrate threat intelligence APIs (VirusTotal, AbuseIPDB, Shodan, MISP, OpenCTI)
• Collaborate with AI team to interface LLMs into enrichment/summarization steps (e.g., GPT, Claude, mistral, etc.)
• Contribute to architectural design and data flow models (timeline graphs, observables)
• Write clean, testable code and deploy in cloud-based environments (AWS/GCP)

• 5–10+ years of experience in cybersecurity, DevSecOps, or SOC automation
• Proficiency in Python, JavaScript/TypeScript, or Golang
• Hands-on with at least one SOAR or workflow automation platform (e.g., Cortex XSOAR, Phantom, TheHive, Shuffle, StackStorm, n8n)
• Strong understanding of SIEM tools (e.g., Splunk, Sentinel, QRadar, Wazuh)
• Experience with threat intelligence feeds, EDR/XDR tools, and incident response logic
• Familiarity with RESTful APIs, webhook/event-driven architectures
• (Bonus) Experience with AI/ML models (especially LLMs or agent frameworks)

DeepSource.ai