Cyber Security Automation Expert
The Position
Are you passionate about automation, cybersecurity, and building smart solutions that make a real impact? If you're someone who thrives on solving complex problems and streamlining security operations, we’d love to have you on our Security Automation team.
In this role, you’ll be at the forefront of eliminating toil, accelerating incident response, and measurably reducing risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (playbooks/Logic Apps) and ServiceNow (Flow Designer, Orchestration, IntegrationHub). You’ll also collaborate on BI/ETL automations (BIDS/SSIS or modern equivalents) to keep dashboards trustworthy and real-time.
Duties and Responsibilities:
As a Cyber Security Automation Expert, you’ll:
- Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
- Automate ServiceNow workflows across ITSM/IR (Security Incident, Incident, Problem, Change), including case creation, field population, approvals, tasking, escalations, and bi-directional sync with SOC tools.
- Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
- Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
- BI/ETL automation (BIDS/SSIS or equivalent): partner with SecOps and Data/BI to automate data pipelines for security KPIs and dashboards (e.g., incidents, SLA/OLA, MTTR).
- Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
- Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
- Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.
About our future employee:
- Our ideal candidate must have a bachelor’s degree in computer science/engineering or equivalent hands-on experience.
- You have a minimum of 3 years working with ServiceNow and SOAR (Microsoft Sentinel preferred).
- You have 4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automations.
- You have strong ServiceNow skills: Flow Designer, IntegrationHub/Spokes, Orchestration/MID Server, REST/SOAP integrations; solid grasp of ITSM/IR data models and CMDB relationships.
- You have strong SOAR engineering skills: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
- You are proficient in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
- You are familiar with a Git-based SDLC and basic CI/CD, and you write clean, tested, maintainable code.
- You provide clear, concise communication with engineers, analysts, and stakeholders.
Bonus points if you have:
- Experience with KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
- Familiarity with Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
- Experience with BIDS/SSIS/SSDT or Azure Data Factory for BI/ETL; building data feeds that power Power BI or similar dashboards.
- Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
- Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
- Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform), Zero Trust patterns.
- Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
- High-level proficiency in English (written and spoken).
- Desired certifications, courses and training:
- SC-100: Microsoft Cybersecurity Architect.
- AZ-500: Azure Security Engineer.
- AZ-400: DevOps Engineer Expert.
- DP-203: Azure Data Engineer (ETL/ADF/Synapse).
- ServiceNow CSA (Certified System Administrator) or CAD (Certified Application Developer).
Learn what it looks like working at Boehringer Ingelheim Business Services Philippines Inc.