Brooksource is seeking an experienced Automation Engineer to help build and expand their next-generation security automation capabilities. This hands-on engineering role involves co-owning the design and implementation of the Cortex XSOAR platform, ensuring its reliability and performance, and developing scalable automations for incident response and threat detection.
Responsibilities:
- Co-own the design, implementation, and ongoing evolution of the Cortex XSOAR platform, operating as a peer to the existing automation engineer
- Support the rebuild and maturation of a currently immature XSOAR environment, including:
  - Platform health monitoring
  - Core integrations
  - Data enrichment workflows
  - Development and testing environments
- Build, test, and maintain advanced XSOAR playbooks, sub-playbooks, and automations using Python, PowerShell, and REST APIs
- Develop scalable automations across incident response, threat detection, and vulnerability management use cases
- Integrate XSOAR with SIEM, EDR, ticketing systems, cloud platforms, and other security tooling
- Identify high-impact automation opportunities, gather requirements, and translate them into end-to-end technical solutions
- Ensure the reliability, performance, and maintainability of automation pipelines in production environments
- Design and implement API-driven integrations for data ingestion, enrichment, and automated response
- Build or extend custom integrations using REST APIs, including authentication, error handling, and data transformation
- Collaborate with teams working across AWS, Azure, or GCP to enhance cloud security automation and response workflows
Requirements:
- 5+ years of hands-on SOAR automation engineering experience, with significant ownership of Cortex XSOAR (Demisto) implementations
- Demonstrated experience owning or operating a SOAR platform end to end, with accountability for how integrations, playbooks, enrichment, and monitoring function together as a system
- Strong Python scripting experience, used directly within SOAR platforms for automation logic and integrations
- Experience building and integrating REST API–based workflows with third-party systems
- Background in security operations, incident response, or detection engineering, with a strong understanding of SOC workflows
- Hands-on experience with Splunk or other SIEM platforms
- Strong troubleshooting, problem-solving, and communication skills
- Comfortable working in a fully remote, highly collaborative environment
- Prior experience standing up or rebuilding SOAR platforms in immature or evolving environments
- Experience supporting health monitoring and resiliency for automation platforms
- Cloud security experience across AWS, Azure, or GCP
- Experience automating security workflows at large enterprise scale