Join a dynamic team as a SOC Automation Engineer Lead, where you'll be instrumental in building and maintaining advanced automation and AI solutions for a leading Cybersecurity Operations Centre. This role empowers you to innovate and streamline workflows that significantly enhance security operations.
Responsibilities:
- Design, develop, test, and maintain SOAR playbooks for alert triage, enrichment, containment, remediation, and escalation workflows.
- Build modular and reusable playbook components for various incident scenarios, ensuring maintainability and flexibility.
- Implement human-in-the-loop decision gates for critical automated actions to maintain analyst oversight.
- Define and enforce playbook engineering standards, including error handling, logging, and performance benchmarking.
- Maintain a playbook library with version control and documentation management.
- Continuously monitor and improve playbook performance metrics such as automation rates and execution times.
- Manage bi-directional API integrations between various SOC platforms and security solutions.
- Develop custom integration connectors when standard options are insufficient.
- Design and oversee a data enrichment pipeline that augments alerts with relevant contextual information.
- Ensure all integrations are robust, with features like retry logic and alerts for failures.
- Identify and implement AI and machine learning capabilities to improve SOC operations, including alert triage, behavioral analytics, and threat hunting assistance.
- Establish automated investigation workflows that gather evidence and assist in analyst reviews.
- Create automated SOC health monitoring systems to identify and alert on data discrepancies and playbook errors.
- Build reporting pipelines that provide real-time insights on SOC key performance indicators.
Requirements:
- Bachelor's degree in Computer Science, Computer Engineering, Data Science, or a related field.
- Minimum of 3 years' experience in cybersecurity, with at least 2 years focused on automation, SOAR development, or security engineering.
- Proven experience in developing playbooks and workflows for enterprise SOAR platforms.
- Proficiency in Python and PowerShell for automation and integration purposes.
- Demonstrated ability to build REST API integrations between security platforms.
- Familiarity with Microsoft Sentinel and its components, including Logic Apps and KQL.
- Experience with agentic AI frameworks for developing investigation workflows.
- Understanding of LLM security risks and strategies for implementing preventative measures.
- Hands-on experience with container-based deployment (Docker, Kubernetes) for automation services.
- A portfolio showcasing developed SOAR playbooks and security tool integrations.
- Relevant industry certifications, such as Microsoft Certified: Security Operations Analyst Associate or GIAC Certified Incident Handler, are advantageous.
- Ability to work at the intersection of security operations and software engineering, fostering collaboration.
By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOL Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolsingapore.com/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.
PERSOL Singapore Pte Ltd
UEN No. 200007268E
EA License No: 01C4394
EAP Registration No. R26161565 (Er Pei Lin, Jermaine)