Cybersecurity Automation Engineer (Alabang)

• Design and build automation workflows (playbooks) in Tines, Torq, and n8n to enrich alerts, perform triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
• Integrate security tools and ecosystems: EDR/XDR, firewalls, threat intelligence feeds, cloud platforms, identity stores, messaging (Teams/Slack), and evidence repositories.
• Ensure reliability of automations: robust error handling, retries, health checks, observability (logs/metrics), and secure secrets management.
• Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ticketing systems (ServiceNow, Jira, etc.).
• Governance and SDLC: version control (Git), code reviews, CI/CD, change management, documentation, and runbook creation.
• Enable the SOC: create reusable automation building blocks, document playbooks, and train analysts for safe operation.

What do you need to succeed

• 3+ years of experience in cybersecurity automation, preferably with SOAR low-code/no-code platforms (Tines, Torq, n8n) or equivalent experience in developing security integrations.
• Strong automation engineering skills: event parsing, enrichment patterns, containment actions, webhooks, OAuth, REST API integrations.
• Proficiency in scripting/automation (Python, JavaScript, or similar) fluent in JSON and event-driven patterns.
• Experience with version control (Git) and familiarity with CI/CD writing clean, tested, maintainable code.
• Clear and effective communication with technical teams and stakeholders.
  

Nice to have

• KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
• Experience with SIEM/SOAR (Microsoft Sentinel, Splunk, etc.).
• Knowledge of cloud automation (Azure, AWS, GCP).
• Familiarity with EDR/XDR, TIPs, and common incident response tools.
• Experience integrating ticketing systems (ServiceNow, Jira) and messaging platforms (Teams, Slack).
• Knowledge of Infrastructure as Code (Terraform, ARM, Bicep).
• Security operations mindset: incident lifecycle, SOC workflows, MITRE ATT&CK, and continuous improvement of MTTR.

Languages: English (High level)

Qualifications

• Bachelor's degree in computer science/engineering or equivalent hands-on experience.
• Minimum 3 years working on Automation.
• Desired certifications: SC-100, AZ-500, AZ-400, or other relevant cybersecurity and automation certifications.