Core Responsibilities:
• Workflow Orchestration: Design automated playbooks for common security scenarios (e.g., phishing triage, host isolation, user offboarding) using code or logic flows.
• API Integration: Build custom connectors to link disparate systems (e.g., SIEM, EDR, Ticketing Systems) via REST/gRPC APIs.
• ChatOps: Develop bots for internal collaboration platforms (e.g., Slack/Teams) to enable self-service security tasks.
• AI-Driven Triage: Implement Generative AI workflows to autonomously parse tickets, summarize alerts, and extract Indicators of Compromise (IoCs).
Must-Have Skills:
• Scripting & Coding: Strong proficiency in Python or Golang with a focus on API interaction and data processing.
• Integration Patterns: Expert understanding of Webhooks, RESTful design, and authentication methods (OIDC/OAuth/API Keys).
• Operational Logic: Experience with SOAR concepts (Logic Apps, Serverless Functions, or Workflow Engines) to automate decision trees.
• Security Context: Understanding of the Incident Response lifecycle and standard data formats (JSON, YAML).
Preferred / Nice to Have:
• Experience with ITSM platforms (e.g., ServiceNow/Jira) for automated ticketing.
• Frontend knowledge (JS/TS) for building simple internal dashboards or Browser Extensions.
• Experience with Containerization (Docker) for deploying automation scripts.