GuidePoint SecurityRemote
Security Automation Engineer (SOAR) - Mid-Atlantic region (Remote)
United States of America
Full Time
1 day ago
No H1B
Key skills
PythonAIClaudeAgenticAWSAzureSplunkGitVersion ControlServiceNowJira
About this role
GuidePoint Security is a rapidly growing cybersecurity company that provides trusted expertise and solutions to help organizations minimize risk. They are seeking a Security Automation Engineer to design and build security automation workflows, integrating various security systems and enhancing operational efficiency.
Responsibilities:
- 5+ years in security operations with a working understanding of how a SOC functions end to end (alert triage, escalation, incident response, case management)
- 3+ years specifically designing and building security automation/orchestration workflows
- Hands-on experience on at least one SOAR/automation platform; Tines, Torq, or Cortex XSOAR preferred
- Proficiency integrating security and IT systems via REST APIs, webhooks, and JSON
- Scripting ability, primarily Python, for custom logic, data transforms, and handling within automated workflows
- Working knowledge of the tooling categories automations connect to: SIEM, EDR/XDR, ticketing (ServiceNow, Jira), threat intelligence, and email security
- Ability to decompose a manual security process into a reliable automated workflow, including error handling, conditional logic, and secure runs
- Familiarity using LLMs in a development and automation context, including AI assisted or agentic coding tools such as Claude Code or Codex; exposure to MCP based integrations is a plus
- Ability to independently scope automation requirements with clients and translate them into a build plan
- Platform or vendor certifications: Tines, Torq, Cortex XSOAR; or SIEM/EDR certs (such as Splunk, Microsoft Sentinel, CrowdStrike)
- Cloud experience (AWS or Azure) and familiarity with cloud native security tooling
- Prior delivery experience in a consulting, professional services, or MSSP environment
- Detection engineering exposure in areas such as detections-as-code (DaC), Sigma, or similar
- Version control and automation-as-code practices (Git or similar repo controls)
Requirements:
- 5+ years in security operations with a working understanding of how a SOC functions end to end (alert triage, escalation, incident response, case management)
- 3+ years specifically designing and building security automation/orchestration workflows
- Hands-on experience on at least one SOAR/automation platform; Tines, Torq, or Cortex XSOAR preferred
- Proficiency integrating security and IT systems via REST APIs, webhooks, and JSON
- Scripting ability, primarily Python, for custom logic, data transforms, and handling within automated workflows
- Working knowledge of the tooling categories automations connect to: SIEM, EDR/XDR, ticketing (ServiceNow, Jira), threat intelligence, and email security
- Ability to decompose a manual security process into a reliable automated workflow, including error handling, conditional logic, and secure runs
- Familiarity using LLMs in a development and automation context, including AI assisted or agentic coding tools such as Claude Code or Codex; exposure to MCP based integrations is a plus
- Ability to independently scope automation requirements with clients and translate them into a build plan
- Platform or vendor certifications: Tines, Torq, Cortex XSOAR; or SIEM/EDR certs (such as Splunk, Microsoft Sentinel, CrowdStrike)
- Cloud experience (AWS or Azure) and familiarity with cloud native security tooling
- Prior delivery experience in a consulting, professional services, or MSSP environment
- Detection engineering exposure in areas such as detections-as-code (DaC), Sigma, or similar
- Version control and automation-as-code practices (Git or similar repo controls)