DevOps Sec – SOAR Automation & Agents

Indeed
Full-time
Onsite
No experience limit
No degree limit
C. San Juan de la Cruz, 10, 28223 Pozuelo de Alarcón, Madrid, Spain

Description

**Job Summary:** We are seeking a DevOps Security Engineer specialized in SOAR automation to design and implement advanced cybersecurity solutions.

**Key Highlights:**

1. Design, implement, and operate SOAR playbooks and analytical agents.
2. Collaborate with SOC, Threat Intelligence, and SecOps teams for continuous improvement.
3. Develop and maintain security analytics agents.

**DevOps Security Engineer – SOAR Automation & Agents**

Spain / Remote

At Excelia, we are looking for a **DevOps Security Engineer specialized in SOAR automation** to join our cybersecurity team and contribute to the design and implementation of advanced solutions that enhance the efficiency and response capability of our SOC. We seek a technical profile with experience in automation, integration, and development of SOAR playbooks, who wishes to work in innovative environments focused on automation, threat intelligence, and continuous improvement of security processes.

**Your Mission**

Design, implement, and operate SOAR playbooks and analytical agents integrated into SOC workflows, ensuring resilience, quality, and impact measurement through reduced manual intervention and improved metrics such as MTTA and MTTR.

**Responsibilities**

* Design and develop SOAR playbooks for triage, CTI enrichment, incident containment, and notification.
* Build and maintain security analytics agents, including:
  + URL analysis (reputation, heuristics, ML/NLP).
  + Email analysis (headers, content, and attachments).
* Manage the rule catalog and translate Sigma rules into specific formats (XQL, KQL, SPL, etc.).
* Integrate SOAR systems with CTI feeds, SIEM/XDR tools, and ticketing platforms (ServiceNow, Jira).
* Measure, optimize, and continuously improve playbooks (efficiency, errors, response times).
* Ensure compliance with security best practices, auditing, and access controls.
* Collaborate with SOC, Threat Intelligence, and SecOps teams on continuous process improvement.

**Requirements**

* 3–5 years of experience in automation and integration, with at least 1–2 years working with SOAR platforms such as:
  + Cortex XSOAR / XSIAM
  + Microsoft Sentinel
  + Devo
  + Splunk SOAR
* Experience in designing and implementing incident response playbooks.
* Proficiency in **Python**, and experience working with REST APIs, webhooks, and messaging systems.
* Experience in scripting with **PowerShell and/or Bash**.
* Practical experience with **SIEM and XDR** platforms.
* Ability to interpret and translate **Sigma** rules.
* Knowledge of frameworks such as **MITRE ATT&CK and NIST**.
* Experience in email artifact analysis and phishing detection.
* Knowledge of offensive and defensive cybersecurity techniques.
* Understanding of automation best practices: observability, idempotency, retries, timeouts, etc.

**Nice-to-Have**

* Experience integrating AI capabilities into automations (LangChain, transformers).
* Experience with sandboxing and reputation analysis (VirusTotal, URLHaus, etc.).
* Experience with XDR platforms (Microsoft Defender, CrowdStrike).
* Practical experience with Cortex XSOAR/XSIAM, Devo, or Defender XDR.
* Experience in continuous improvement and optimization of automation processes.

**Valuable Certifications**

* Microsoft SC-200 (Security Operations Analyst)
* Palo Alto Cortex XSOAR / XSIAM
* CompTIA Security+
* GIAC (GCIA, GCSA)
* AWS DevOps Engineer
* Microsoft Certified: Security Operations Analyst

If you are passionate about automation applied to cybersecurity and want to join a growing team, we would love to meet you!

Source: Indeed (original post)
Posted by: David Muñoz, Indeed · HR
