Role Overview
- AI-native SOC transformation
- Analyze current SOC operating models, L1/L2 activities, escalation flows and response procedures.
- Identify opportunities to automate, augment or redesign detection and response processes using AI automation and agentic workflows.
- Translate analyst knowledge into structured, reusable and automatable workflows.
- Define how AI agents can support alert triage, enrichment, investigation, prioritization and response.
- Establish clear boundaries between autonomous actions, AI-assisted recommendations and human decision points.
- Help organizations evolve from traditional SOC processes to AI-enabled security operations.
- Detection & Response automation architecture
- Define automation blueprints for common detection and response use cases.
- Convert incident response playbooks into structured workflows.
- Define decision trees, enrichment steps, evidence requirements and output formats.
- Support the design of automated triage, false positive reduction and incident prioritization.
- Create reusable patterns for investigation, containment, escalation and reporting.
- Ensure automation is reliable, explainable and operationally useful for SOC teams.
- Agentic security operations design
- Define agent roles, responsibilities, permissions and execution boundaries.
- Design human-in-the-loop models for sensitive or high-impact actions.
- Define approval workflows, escalation paths and confidence thresholds.
- Ensure agent recommendations are explainable, traceable and auditable.
- Define logging and evidence requirements for AI-assisted decisions.
- Identify and mitigate risks such as unsafe automation, hallucination, excessive permissions, prompt injection, data leakage or incorrect response actions.
- Work with AI engineering teams to ensure agentic workflows are secure, controlled and aligned with security operations needs.
- SIEM, SOAR and security tooling integration
- Human-in-the-loop operating model
- Continuous improvement and operational impactRelevant technology exposure
Requirements
- 6+ years of experience in cybersecurity, with strong background in Detection & Response, SOC operations, security automation, SIEM engineering or security architecture.
- Proven experience designing or implementing AI automation, AI-assisted workflows, agentic automation or AI-enabled operational processes.
- Strong understanding of how modern SOCs operate across L1, L2 and L3 functions.
- Experience designing or improving detection use cases, triage processes, incident response procedures and SOC playbooks.
- Hands-on experience with SIEM and/or SOAR platforms.
- Ability to translate analyst procedures into structured workflows, decision trees and automation requirements.
- Good understanding of alert enrichment, case management, incident lifecycle management and escalation models.
- Practical understanding of identity, permissions, API integrations and secure automation design.
- Ability to work with SOC analysts, security architects, engineering teams and senior client stakeholders.
- Strong documentation skills, especially for operational procedures, use case specifications and technical architecture.
- Ability to design automation that works in real SOC environments, not just theoretical diagrams.
Desirable experience with:
- Microsoft Sentinel, Defender XDR or Microsoft Security Copilot.
- Microsoft Foundry or Azure AI-based automation.
- Agentic AI workflows in cybersecurity or IT operations.
- Loop generation and maintenance
- SOC automation / SOAR implementation.
- Logic Apps, Azure Functions or automation runbooks.
- KQL, SPL or equivalent SIEM query languages.
- Detection engineering and MITRE ATT&CK mapping.
- Threat intelligence enrichment.
- Incident response automation.
- XDR / EDR platforms and cloud security operations.
- Case management integration.
- Enterprise SOC transformation programs.
- MDR/MSSP operating models.
- Purple teaming or detection validation.
- DevSecOps or infrastructure automation.
- GRC/control evidence automation for security operations.
Tech Stack
- Azure
- Cloud
- Cyber Security
Benefits
- Salary determined by the market and your experience 🤑
- Flexible schedule 35 Hours / Week 😎
- Fully remote work (optional) 🌍
- Flexible compensation (restaurant, transport, and childcare) ✌
- Fully free health insurance, with a co-payment for dental services 🚑
- Individual budget for training or equipment and free Microsoft certifications 📚
- English lessons 🗽
- Birthday day off 🌴🥳
- Monthly bonus for electricity and Internet expenses at home 💻
- Discount on gym plan and sports activities 🔝
- Plain Camp (annual team-building event) 🎪
- Extra perks: events attendance and speakers, welcome pack, baby basket, Christmas basket, discount portal for employees ➕ The pleasure of always working with the latest technological tools!