Brooksource is partnering with a leading media organization that has recently stabilized its Cortex XSOAR platform and is now looking to scale security automation across the SOC. The Security Automation Engineer role focuses on building playbooks, automations, and integrations to improve incident response efficiency and reduce manual effort.
Responsibilities:
- Build and enhance Cortex XSOAR playbooks and runbooks
- Develop end-to-end automation workflows for SOC processes
- Integrate XSOAR with tools across SIEM, EDR, IAM, vulnerability management, and cloud security platforms
- Automate alert triage, enrichment, and response actions
- Identify opportunities to better leverage existing security tools
- Improve usability and efficiency for SOC analysts
- Partner with SOC, incident response, and engineering teams to streamline workflows
Requirements:
- 3–5+ years of experience in security engineering or security automation
- Hands-on experience with Cortex XSOAR preferred, or similar SOAR platforms (Tines, Splunk Phantom, Swimlane, Chronicle, etc.)
- Experience building playbooks, automations, and integrations (API-driven)
- Strong scripting skills (Python preferred)
- Experience working within SOC or incident response environments
- Ability to operate in a hands-on, execution-focused role
- Experience with XSIAM or SIEM platforms (Splunk, Sentinel, QRadar, etc.)
- Familiarity with cloud environments (AWS, Azure, GCP)
- Experience integrating tools such as CrowdStrike, ServiceNow, Okta, etc.