Cyber Security Automation Expert
Boehringer Ingelheim
**The Position**
You will be part of our Security Automation team that eliminates toil, accelerates incident response, and measurably reduces risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (playbooks/Logic Apps) and ServiceNow (Flow Designer, Orchestration, IntegrationHub). You’ll also collaborate on BI/ETL automations (BIDS/SSIS or modern equivalents) to keep dashboards trustworthy and real-time.
**Duties and Responsibilities:**
+ Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
+ Automate ServiceNow workflows across ITSM/IR (Security Incident, Incident, Problem, Change), including case creation, field population, approvals, tasking, escalations, and bi-directional sync with SOC tools.
+ Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
+ Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
+ BI/ETL automation (BIDS/SSIS or equivalent): partner with SecOps and Data/BI to automate data pipelines for security KPIs and dashboards (e.g., incidents, SLA/OLA, MTTR).
+ Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
+ Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
+ Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.
**Requirements:**
+ Bachelor’s degree in computer science/engineering or equivalent hands-on experience.
+ Minimum 3 years working with ServiceNow and SOAR (Microsoft Sentinel preferred).
+ 4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automations.
+ Strong ServiceNow skills: Flow Designer, IntegrationHub/Spokes, Orchestration/MID Server, REST/SOAP integrations; solid grasp of ITSM/IR data models and CMDB relationships.
+ Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
+ Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
+ Git-based SDLC and basic CI/CD familiarity; writing clean, tested, maintainable code.
+ Clear, concise communication with engineers, analysts, and stakeholders.
Nice to have:
+ KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
+ Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
+ Experience with BIDS/SSIS/SSDT or Azure Data Factory for BI/ETL; building data feeds that power Power BI or similar dashboards.
+ Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
+ Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
+ Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform), Zero Trust patterns.
+ Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
+ English – High-level proficiency (written and spoken)
+ Desired certifications, courses and training:
+ SC-100: Microsoft Cybersecurity Architect.
+ AZ-500: Azure Security Engineer.
+ AZ-400: DevOps Engineer Expert.
+ DP-203: Data Engineer (ETL/ADF/Synapse)
+ CSA (Certified System Administrator) or CAD (Certified Application Developer)
All qualified applicants will receive consideration for employment without regard to a person’s actual or perceived race, including natural hairstyles, hair texture and protective hairstyles; color; creed; religion; national origin; age; ancestry; citizenship status, marital status; gender, gender identity or expression; sexual orientation, mental, physical or intellectual disability, veteran status; pregnancy, childbirth or related medical condition; genetic information (including the refusal to submit to genetic testing) or any other class or characteristic protected by applicable law.