Search all jobs
Browse jobs › Security Automation Architect (SIEM/SOAR & AI)

Security Automation Architect (SIEM/SOAR & AI)

Plain Concepts · TELECOMMUTE · Posted Jul 7, 2026

Apply on company site   Track it in JobSkout

Mission

Transform security operations for the AI era.

We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities.

The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control.

This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation.

The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience.

Key Responsibilities

1. AI-native SOC transformation

  • Analyze current SOC operating models, L1/L2 activities, escalation flows and response procedures.
  • Identify opportunities to automate, augment or redesign detection and response processes using AI automation and agentic workflows.
  • Translate analyst knowledge into structured, reusable and automatable workflows.
  • Define how AI agents can support alert triage, enrichment, investigation, prioritization and response.
  • Establish clear boundaries between autonomous actions, AI-assisted recommendations and human decision points.
  • Help organizations evolve from traditional SOC processes to AI-enabled security operations.

2. Detection & Response automation architecture

  • Define automation blueprints for common detection and response use cases.
  • Convert incident response playbooks into structured workflows.
  • Define decision trees, enrichment steps, evidence requirements and output formats.
  • Support the design of automated triage, false positive reduction and incident prioritization.
  • Create reusable patterns for investigation, containment, escalation and reporting.
  • Ensure automation is reliable, explainable and operationally useful for SOC teams.

3. Agentic security operations design

  • Define agent roles, responsibilities, permissions and execution boundaries.
  • Design human-in-the-loop models for sensitive or high-impact actions.
  • Define approval workflows, escalation paths and confidence thresholds.
  • Ensure agent recommendations are explainable, traceable and auditable.
  • Define logging and evidence requirements for AI-assisted decisions.
  • Identify and mitigate risks such as unsafe automation, hallucination, excessive permissions, prompt injection, data leakage or incorrect response actions.
  • Work with AI engineering teams to ensure agentic workflows are secure, controlled and aligned with security operations needs.

4. SIEM, SOAR and security tooling integration

5. Human-in-the-loop operating model

6. Continuous improvement and operational impact

Relevant technology exposure

The role is not limited to one vendor, but should be able to work with modern security operations and AI automation ecosystems, including:

  • SIEM platforms such as Microsoft Sentinel, Splunk, QRadar, Chronicle or similar.
  • SOAR platforms and automation frameworks.
  • XDR / EDR platforms and cloud security platforms.
  • Identity and access management systems.
  • Threat intelligence platforms.
  • Case management and ticketing tools.
  • AI automation platforms, agentic AI frameworks and enterprise AI orchestration environments.
  • Microsoft Foundry, Microsoft Security Copilot, Logic Apps, Azure Functions or automation runbooks, where relevant.

Apply on company site