GSS HR SOLUTIONS PRIVATE LIMITED • Western Province, Sri Lanka
Role & seniority: Lead Automation Engineer (senior-level, lead role)
Stack/tools: Torq Hyperautomation and other SOAR platforms (XSOAR, Splunk SOAR, LogicHub, Swimlane); JSON manipulation/parsing; API integrations; SIEM/EDR/XDR tooling; Python/PowerShell/Bash; REST/JSON APIs; webhook automation; CI/CD pipelines; cloud platforms (AWS/Azure/GCP)
Develop and optimize scalable automation workflows within Torq or other SOAR platforms
Build API integrations between security tools (SIEMs, EDR/XDR, case management, cloud services) and enable seamless data exchange
Streamline incident response automation to reduce MTTR and improve event correlation; design fault-tolerant processes; lead migrations and CI/CD improvements
Must-have skills: 1+ year in security automation/SOAR or cybersecurity automation in MSSP/DFIR/enterprise; strong JSON design, parsing, and data transformations; scripting in Python/PowerShell/Bash; API development/integration (REST/JSON); experience with SIEMs and EDR/XDR tools
Nice-to-have: multi-client MSSP/IR experience; hands-on with Torq, XSOAR, Splunk SOAR, or similar; relevant certifications (Torq SOAR Analyst/Expert, Security+, cloud security certs); JQ data filtering; CI/CD familiarity (Azure DevOps); cloud security automation; experience leading SOAR migrations and cross-platform playbooks
Location & work type: Location: Sri Lanka; full-time role focused on 24/7 SOC/IR automation work (on-sit
Lead Automation Engineer
Role Definition
· We are expanding our Automation Team and are seeking a skilled Automation Engineer with experience in SOAR or Hyperautomation platforms within an MSSP, Incident Response (IR), or multi-client security environment.
· This role will focus on developing, managing, and optimizing automation workflows using Torq Hyperautomation or similar SOAR platforms.
· The ideal candidate will be highly proficient in JSON manipulation, API integrations, and case management automation, ensuring seamless data exchange between security tools.
· This position will be based in Sri Lanka and will be instrumental in building scalable automation for our 24/7 SOC and IR operations.
Skills & Ability
Must-Have Skills & Experience
· 1+ years of experience in security automation, SOAR engineering, or cybersecurity automation within an MSSP, DFIR, or enterprise security environment.
· Extensive experience working with JSON, including JSON schema design, manipulation, parsing, and API-based data transformations.
· Strong scripting skills in Python, PowerShell, or Bash for workflow automation.
· Proficiency in API development and integration, including RESTful APIs, JSON-based APIs, and webhook automation.
· Experience working with SIEM (Splunk, Sentinel, QRadar, Rapid7 IDR, etc.) and EDR/XDR tools (CrowdStrike, SentinelOne, Stellar Cyber, Cortex XDR, etc.).
Nice-to-Have Skills
· Experience in multi-client environments (MSSP, IR firms, or security service providers).
· Hands-on experience with Torq Hyperautomation, XSOAR, Splunk SOAR, or similar platforms.
· Certifications: Torq SOAR Analyst, Torq SOAR Expert, CompTIA Security+, AWS/Azure Security Certifications.
· Proficiency in using JQ filters for data manipulation.
· Familiarity with CI/CD pipelines (Azure DevOps).
· Experience automating cloud security workflows (AWS, Azure, Google Cloud).
· Familiarity with case management automation and cross-platform data normalization.
· Prior experience leading SOAR migration projects or developing custom security playbooks.