Cybersecurity Analyst – Automation

About the role

The Cybersecurity Analyst (Automation) will enhance the organisation's security posture by designing, tuning and automating detection and response capabilities within SIEM and SOAR platforms. Working closely with IT infrastructure teams and SOC analysts, the role focuses on reducing manual effort, improving alert quality and accelerating incident response across all enterprise environments.

Key responsibilities

• Develop, refine and maintain detection rules, correlations and automated playbooks in SIEM and SOAR tools.
• Integrate new log sources, ensure data normalization and maintain high‑quality data pipelines.
• Optimize SIEM performance, manage connectors, and reduce false‑positive alerts.
• Collaborate with SOC analysts to improve alert fidelity and support security event analysis.
• Monitor threat trends, perform MITRE ATT&CK mapping and enrich use cases with threat intelligence.
• Document rules, integrations, automations and contribute to log‑management standards.
• Administer SIEM/SOAR platforms, including installation, configuration, upgrades and module management.
• Conduct network monitoring, intrusion analysis and participate in incident triage, containment and investigation.

Required profile

• DEC or Bachelor’s degree in Computer Science, Cybersecurity or a related field.
• Minimum 7 years of experience in IT security, with a strong focus on detection engineering and automation.
• Proven ability to work with cross‑functional teams and communicate technical concepts clearly.

Required skills

• SIEM platforms (e.g., Splunk, QRadar, ArcSight)
• SOAR platforms (e.g., Cortex XSOAR, Demisto)
• IDS/IPS, firewalls, EDR and email security solutions
• MITRE ATT&CK framework and threat intelligence integration
• Log source integration, data normalization and event correlation
• Network monitoring and intrusion analysis
• Automation of security processes and workflow orchestration