SOAR Automation Engineer (Alabang)
Stefanini
Workplace: Muntinlupa
Salary: Agreement
Work form: Full time
Posting Date: 18/11/2025
Deadline: 13/12/2025
Details:
About the role
You will join our Security Automation team to eliminate toil, accelerate incident response, and measurably reduce risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (Logic Apps/Playbooks) that streamline day-to-day IR activities and reduce MTTA/MTTR and analyst effort.
What you'll do
Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.
Job Requirements
Details:
What you'll bring (Must-haves)
4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automations.
Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
Git-based SDLC and basic CI/CD familiarity; writing clean, tested, maintainable code.
Clear, concise communication with engineers, analysts, and stakeholders.
Nice to have
KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform), Zero Trust patterns.
Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
Languages: English (High level)
Qualifications
Bachelor's degree in computer science/engineering or equivalent hands-on experience.
Minimum 3 years working with SOAR (Microsoft Sentinel preferred).
Desired certifications, courses and training
SC-100: Microsoft Cybersecurity Architect.
AZ-500: Azure Security Engineer.
AZ-400: DevOps Engineer Expert.
#LI-LD1 #LI-HYBRID
Pay Range: Based on Experience
Other Info
Alabang, Muntinlupa City
Permanent
Full-time