SOC Automation Engineer in Leeds

As a SOC Automation Engineer, you will apply hands-on engineering expertise to design, build, and optimise automation workflows that improve the scalability and efficiency of SOC services. Working across SIEM, endpoint, and orchestration platforms (primarily Palo Alto XSOAR), you will reduce analyst workload, accelerate incident response, and enhance decision-making across customer environments.

Key Responsibilities

• Automation Development - Design, build, and maintain scalable automation workflows across detection and response platforms.
• Integration & Orchestration - Deliver cross-platform automation enabling fast, reliable response actions.
• Lifecycle Management - Develop, deploy, and continuously optimise automation for performance, resilience, and coverage.
• Collaboration & Requirements Gathering - Work with SOC and engineering teams to identify automation opportunities.
• Documentation - Produce clear documentation to support delivery, troubleshooting, and continuous improvement.
• Automation Planning - Contribute to automation roadmaps, threat modelling, and use case development.
• Pre-Sales Support - Assist with demos, scoping, and proof-of-value activities where required.

Core Duties

• Automation Design & Development - Build and maintain workflows across SIEM, EDR, and SOAR platforms; develop reusable scripts, templates, and components; ensure solutions support secure, multi-tenant environments.
• Integration & Response Automation - Orchestrate containment, enrichment, and remediation actions; integrate with threat intelligence, cloud, vulnerability, and reporting tools; partner with analysts to map and automate response processes.
• Lifecycle Management & Optimisation - Manage automation from design through to optimisation; troubleshoot failures and refine logic; use post-incident insights to improve workflows.
• Documentation & Standards - Maintain clear documentation of workflows, dependencies, and error handling; ensure consistency and usability for wider teams.
• Strategic Contribution - Support use cases aligned to threat modelling and MITRE ATT&CK; contribute to automation playbooks and response strategies; stay current with tools, frameworks, and emerging threats.
• Collaboration - Embed automation into SOC workflows; share best practices and support team development.
• Pre-Sales - Support workshops, onboarding, and solution design where needed.

Stakeholder Collaboration

• SOC Analysts - Automate repeatable triage and response activities.
• Platform & Detection Engineers - Integrate automation into tooling and detections.
• Sales & Pre-Sales - Provide technical input for customer solutions.

Requirements

• 2+ years' experience in SOC, automation, or cloud security engineering.
• Experience in managed services or multi-tenant environments.
• Strong experience building automations across SIEM, SOAR, or EDR platforms.
• Proficiency in scripting (e.g., Python, PowerShell).
• Experience working with APIs, webhooks, and authentication methods.
• Knowledge of threat frameworks (e.g., MITRE ATT&CK).
• Understanding of cloud security, identity, and event-driven automation.
• Strong communication and analytical skills.
• Security clearance (NPPV and/or SC) may be required.

Technical Knowledge

• Security orchestration and automation principles.
• Scripting and integration patterns (APIs, webhooks).
• SOC detection and response workflows.
• Threat intelligence integration and use case design.
• Cloud and identity security concepts.
• Multi-tenant automation design.

Certifications

• Essential: Hands-on experience with Palo Alto XSOAR.
• Desirable: Palo Alto Networks Certified XSOAR Engineer; Palo Alto Networks Certified Security Automation Engineer (PCSAE); Palo Alto Networks Security Operations Professional.