cyber security Automation expertBoehringer Ingelheim

The PositionYou will be part of our Security Automation team that eliminates toil, accelerates incident response, and measurably reduces risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (playbooks/Logic Apps) and ServiceNow (Flow Designer, Orchestration, IntegrationHub). You'll also collaborate on BI/ETL automations (BIDS/SSIS or modern equivalents) to keep dashboards trustworthy and real-time.Duties and Responsibilities:
Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
Automate ServiceNow workflows across ITSM/IR (Security Incident, Incident, Problem, Change), including case creation, field population, approvals, tasking, escalations, and bi-directional sync with SOC tools.
Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
BI/ETL automation (BIDS/SSIS or equivalent): partner with SecOps and Data/BI to automate data pipelines for security KPIs and dashboards (e.g., incidents, SLA/OLA, MTTR).
Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.
Requirements:
Bachelor's degree in computer science/engineering or equivalent hands-on experience.
Minimum 3 years working with ServiceNow and SOAR (Microsoft Sentinel preferred).
4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automtions.
Strong ServiceNow skills: Flow Designer, IntegrationHub/Spokes, Orchestration/MID Server, REST/SOAP integrations; solid grasp of ITSM/IR data models and CMDB relationships.
Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
Git-based SDLC and basic CI/CD familiarity; writing clean, tested, maintainable code.
Clear, concise communication with engineers, analysts, and stakeholders.
Nice to have:
KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
Experience with BIDS/SSIS/SSDT or Azure Data Factory for BI/ETL; building data feeds that power Power BI or similar dashboards.
Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform), Zero Trust patterns.
Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
English - High-level proficiency (written and spoken)
Desired certifications, courses and training :
SC-100: Microsoft Cybersecurity Architect.
AZ-500: Azure Security Engineer.
AZ-400: DevOps Engineer Expert.
DP-203: Data Engineer (ETL/ADF/Synapse)
CSA (Certified System Administrator) or CAD (Certified Application Developer)
Boehringer Ingelheim

Muntinlupa City, Metro Manila
Permanent
Full-time