Remoworker Remoworker
P

Security Automation Architect (SIEM/SOAR & AI)

Plain Concepts
Remote Full-time Worldwide Design
Apply on RemoteFirstJobs →

You'll be redirected to the original listing.

Description

Mission

Transform security operations for the AI era.

We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities.

The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control.

This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation.

The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience.

Key Responsibilities

1. AI-native SOC transformation

·       Analyze current SOC operating models, L1/L2 activities, escalation flows and response procedures.

·       Identify opportunities to automate, augment or redesign detection and response processes using AI automation and agentic workflows.

·       Translate analyst knowledge into structured, reusable and automatable workflows.

·       Define how AI agents can support alert triage, enrichment, investigation, prioritization and response.

·       Establish clear boundaries between autonomous actions, AI-assisted recommendations and human decision points.

·       Help organizations evolve from traditional SOC processes to AI-enabled security operations.

2. Detection & Response automation architecture

·       Define automation blueprints for common detection and response use cases.

·       Convert incident response playbooks into structured workflows.

·       Define decision trees, enrichment steps, evidence requirements and output formats.

·       Support the design of automated triage, false positive reduction and incident prioritization.

·       Create reusable patterns for investigation, containment, escalation and reporting.

·       Ensure automation is reliable, explainable and operationally useful for SOC teams.

3. Agentic security operations design

·       Define agent roles, responsibilities, permissions and execution boundaries.

·       Design human-in-the-loop models for sensitive or high-impact actions.

·       Define approval workflows, escalation paths and confidence thresholds.

·       Ensure agent recommendations are explainable, traceable and auditable.

·       Define logging and evidence requirements for AI-assisted decisions.

·       Identify and mitigate risks such as unsafe automation, hallucination, excessive permissions, prompt injection, data leakage or incorrect response actions.

·       Work with AI engineering teams to ensure agentic workflows are secure, controlled and aligned with security operations needs.

4. SIEM, SOAR and security tooling integration

5. Human-in-the-loop operating model

6. Continuous improvement and operational impact

Relevant technology exposure

The role is not limited to one vendor, but should be able to work with modern security operations and AI automation ecosystems, including:

·       SIEM platforms such as Microsoft Sentinel, Splunk, QRadar, Chronicle or similar.

·       SOAR platforms and automation frameworks.

·       XDR / EDR platforms and cloud security platforms.

·       Identity and access management systems.

·       Threat intelligence platforms.

Related remote jobs