Cyber Security Automation Expert

The Position

You will be part of our Security Automation team that eliminates toil, accelerates incident response, and measurably reduces risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (playbooks/Logic Apps) and ServiceNow (Flow Designer, Orchestration, IntegrationHub). You’ll also collaborate on BI/ETL automations (BIDS/SSIS or modern equivalents) to keep dashboards trustworthy and real-time.


Duties and Responsibilities:

  • Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
  • Automate ServiceNow workflows across ITSM/IR (Security Incident, Incident, Problem, Change), including case creation, field population, approvals, tasking, escalations, and bi-directional sync with SOC tools.
  • Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
  • Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
  • BI/ETL automation (BIDS/SSIS or equivalent): partner with SecOps and Data/BI to automate data pipelines for security KPIs and dashboards (e.g., incidents, SLA/OLA, MTTR).
  • Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
  • Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
  • Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.


Requirements:

  • Bachelor’s degree in computer science/engineering or equivalent hands-on experience.
  • Minimum 3 years working with ServiceNow and SOAR (Microsoft Sentinel preferred).
  • 4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automations.
  • Strong ServiceNow skills: Flow Designer, IntegrationHub/Spokes, Orchestration/MID Server, REST/SOAP integrations; solid grasp of ITSM/IR data models and CMDB relationships.
  • Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
  • Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
  • Git-based SDLC and basic CI/CD familiarity; writing clean, tested, maintainable code.
  • Clear, concise communication with engineers, analysts, and stakeholders.

Nice to have:

  • KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
  • Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
  • Experience with BIDS/SSIS/SSDT or Azure Data Factory for BI/ETL; building data feeds that power Power BI or similar dashboards.
  • Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
  • Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
  • Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform) and Zero Trust patterns.
  • Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
  • English: high-level proficiency (written and spoken).
  • Desired certifications, courses and training:
    • SC-100: Microsoft Cybersecurity Architect.
    • AZ-500: Azure Security Engineer.
    • AZ-400: DevOps Engineer Expert.
    • DP-203: Data Engineer (ETL/ADF/Synapse).
    • CSA (Certified System Administrator) or CAD (Certified Application Developer).


Click here to see what it is like working at Boehringer Ingelheim Business Services Philippines Inc.