Logo for ICONMA

Security Automation Engineer (SOAR / Python / Ansible)

Role overview

Qualifications

  • 6–10+ years in Security Engineering, Security Automation, SOAR, or Security Operations Engineering
  • Proficiency in Python and experience with Ansible
  • Hands-on experience designing and implementing automation using APIs (REST/JSON)

Responsibilities

  • Design, build, and maintain automation and orchestration solutions to improve security outcomes
  • Develop and maintain SOAR playbooks for alert triage, enrichment, and remediation
  • Collaborate with SOC analysts to translate procedures into automated runbooks

About the company

ICONMA logo

ICONMA

Management Consulting

We provide Professional Staffing Services & Project-Based Solutions for a broad range of Fortune 500 organizations. ICONMA is a certified Woman-Owned staffing company and was founded in 2000. ICONMA’s corporate headquarters is in Troy, Michigan, and has 15+ locations worldwide. What makes ICONMA stand out in a fiercely competitive industry? *We provide integrated, full lifecycle services across a broad range of business and technical platforms. *No single company can duplicate our full range of staffing and permanent recruiting services nationwide. *Proven track record of attracting and retaining exceedingly skilled professional workers in a highly competitive market. SERVICES OFFERED Staff Augmentation (Contract, Contract to Hire, Direct Hire, Single Source) Data Analysis Project-Based Services & Solutions Hire Train Deploy Service Model Offshore Staff Augmentation Payroll Services AREAS OF EXPERTISE - Information Technology - Engineering - Business Professional - Accounting/Finance - Admin/Clerical/Call Center - Healthcare/Clinical/Scientific - Marketing/Creative mail linkedin@iconma.com Phone (888) 451-2519 Website http://www.iconma.com

Company details

Company typeLarge
IndustryManagement Consulting
Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Our client, a IT Services and Consulting company, is looking for a Security Automation Engineer (SOAR / Python / Ansible) for their Remote location.
 
Responsibilities:

  • The Automation/Orchestration/Security Engineer designs, builds, and maintains automation and orchestration solutions that improve security outcomes, reduce manual effort, and increase reliability across security operations and engineering. This role partners with Security Operations, Incident Response, IT, and Platform/Cloud teams to integrate tools, standardize workflows, and implement measurable, auditable security automation.
  • This position is hands-on and requires strong engineering fundamentals, security domain knowledge, and an automation-first mindset. The engineer will build integrations, develop playbooks/runbooks, and help mature detection-to-response processes with a focus on scalability, safety, and governance.
  • Own the design and delivery of security automation and orchestration capabilities that improve response time, consistency, and quality across security workflows.
  • Develop and maintain SOAR playbooks for alert triage, enrichment, containment, and remediation.
  • Build and manage automation integrations with security tooling (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) using APIs, webhooks, and event-driven architectures.
  • Create reusable automation components (scripts, libraries, templates) with appropriate error handling, retries, logging, and observability.
  • Collaborate with SOC analysts and Incident Response to translate procedures into automated runbooks; ensure safe execution with approval gates where needed.
  • Design automation with governance: role-based access controls, change management, auditability, and documentation.
  • Partner with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation).
  • Support incident response by developing rapid automation for containment and evidence collection (while maintaining chain-of-custody and logging requirements).
 
Requirements:
  • Experience: 6–10+ years in Security Engineering, Security Automation, SOAR, or Security Operations Engineering.
  • Domain Background: Financial Services, Banking, FinTech, Insurance, or other highly regulated environments with mature cybersecurity operations.
Top 3 skills:
  • Python
  • Ansible
  • Rest API Json
  • Candidates must demonstrate strong automation engineering skills, comfort working with APIs and distributed systems, and practical security knowledge relevant to modern enterprise environments.
  • 3+ years of experience in automation engineering, security engineering, security operations engineering, or a related role.
  • Proficiency in at least one scripting/programming language (Python preferred; PowerShell, or JavaScript).
  • Experience with Automation and Orchestration tools like Ansible, Itential, Aria Orchestrator or similar product.
  • Hands-on experience designing and implementing automation using APIs (REST/JSON), webhooks, and authentication methods (OAuth2, tokens, mutual TLS).
  • Working knowledge of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling).
  • Strong understanding of core security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals.
  • Experience with Git-based workflows and software engineering practices (code review, branching strategies, testing).
  • Ability to document solutions clearly (runbooks, diagrams, operating procedures) and communicate effectively with technical and non-technical stakeholders.
  • Experience with vulnerability management automation (ticketing workflows, remediation tracking, exception handling, SLA reporting).
  • Cloud platform experience (AWS, Azure, and/or GCP), including security services and identity models.
  • Container and Kubernetes security familiarity
  • Experience integrating with EDR/XDR tools and automating response actions (isolation, kill process, quarantine).
  • Familiarity with ITSM and workflow tools (ServiceNow, Jira) and structured change management.
  • Success Criteria, Working Relationships, and Additional Information
  • Success in this role is measured by increased automation coverage, reduced manual toil, improved response timelines, and safe, reliable orchestration with strong governance and auditability.
  • Deliver high-impact playbooks that measurably reduce MTTA/MTTR and analyst workload.
  • Ensure automations follow least-privilege and change-control requirements; maintain strong logging and traceability.
  • Partner effectively with SOC, IR, IT, and Cloud/Platform Engineering to align workflows and implement remediation actions safely.
  • Create clear documentation and knowledge transfer materials to enable operational ownership and scale.
  • Uphold secure coding practices and ensure automation cannot be abused (input validation, permission boundaries, approval steps).
  • 6.00 Years of Experience
 
Why Should You Apply?

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at ICONMA

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.