Remote SOC Automation Engineer (Python / SOAR / LLM Integrations)

at DeepSource Technologies

Posted 3 days ago

Description:

  • The SOC Automation Engineer will design, build, and maintain SOC automation workflows for L1 triage, alert enrichment, and response using SOAR tools such as Cortex XSOAR, Splunk SOAR, and n8n.
  • The role involves developing modular, agent-based pipelines using Python or TypeScript, ideally in an event-driven manner or orchestrated via tools like n8n or Apache Airflow.
  • The engineer will integrate threat intelligence APIs, including VirusTotal, AbuseIPDB, Shodan, MISP, and OpenCTI.
  • Collaboration with the AI team is required to integrate LLMs into enrichment and summarization steps, using models such as GPT, Claude, and Mistral.
  • The position includes contributing to architectural design and data flow models, such as timeline graphs and observables.
  • The engineer is expected to write clean, testable code and deploy it in cloud-based environments like AWS or GCP.

Requirements:

  • Candidates must have 5–10+ years of experience in cybersecurity, DevSecOps, or SOC automation.
  • Proficiency in programming languages such as Python, JavaScript/TypeScript, or Golang is required.
  • Hands-on experience with at least one SOAR or workflow automation platform, such as Cortex XSOAR, Phantom, TheHive, Shuffle, StackStorm, or n8n, is necessary.
  • A strong understanding of SIEM tools, including Splunk, Sentinel, QRadar, or Wazuh, is essential.
  • Experience with threat intelligence feeds, EDR/XDR tools, and incident response logic is required.
  • Familiarity with RESTful APIs and webhook/event-driven architectures is necessary.
  • Experience with AI/ML models, particularly LLMs or agent frameworks, is considered a bonus.

Benefits:

  • The position offers the opportunity to work on cutting-edge SOC automation technologies and tools.
  • Employees will have the chance to collaborate with a talented AI team, enhancing their skills in LLM integrations.
  • The role provides exposure to cloud-based environments, fostering professional growth in cloud technologies.
  • There are opportunities for continuous learning and development in the rapidly evolving field of cybersecurity and automation.