




**Key Responsibilities:**

* Design, build, and maintain SOC automation workflows for L1 triage, alert enrichment, and response using SOAR tools (Cortex XSOAR, Splunk SOAR, n8n, etc.)
* Develop modular, agent-based pipelines using Python or TypeScript (ideally event-driven or orchestrated via n8n, Apache Airflow, etc.)
* Integrate threat intelligence APIs (VirusTotal, AbuseIPDB, Shodan, MISP, OpenCTI)
* Collaborate with the AI team to interface LLMs into enrichment/summarization steps (e.g., GPT, Claude, Mistral, etc.)
* Contribute to architectural design and data flow models (timeline graphs, observables)
* Write clean, testable code and deploy in cloud-based environments (AWS/GCP)

**Requirements:**

**Qualifications:**

* 5–10+ years of experience in cybersecurity, DevSecOps, or SOC automation
* Proficiency in Python, JavaScript/TypeScript, or Golang
* Hands-on experience with at least one SOAR or workflow automation platform (e.g., Cortex XSOAR, Phantom, TheHive, Shuffle, StackStorm, n8n)
* Strong understanding of SIEM tools (e.g., Splunk, Sentinel, QRadar, Wazuh)
* Experience with threat intelligence feeds, EDR/XDR tools, and incident response logic
* Familiarity with RESTful APIs and webhook/event-driven architectures
* (Bonus) Experience with AI/ML models (especially LLMs or agent frameworks)

