Automation and Orchestration Engineer_ D 2881

Overall Objectives of Job

The Automation Engineer is the operational backbone of the ‘Detection Cluster’ in Allianz Cyber Defense Center (ACDC). The role is responsible for building and maintaining the SOAR playbooks and Google SecOps workflows that allow the ACDC to handle security cases at scale — centralized and as automated as possible.

The engineer will integrate Google SecOps SIEM with CrowdStrike EDR, automate the end-to-end security case lifecycle, and continuously reduce manual effort across the security operations team.

PART 3

Experience, Technical and Functional Skills

Core Responsibilities:

• Build, maintain, and optimize SOAR playbooks within Google SecOps to automate security case triage, investigation, and remediation.
• Integrate Google SecOps SIEM with CrowdStrike EDR and other data sources for seamless alert ingestion and correlation.
• Automate the full security case lifecycle: log ingestion → alert creation → triage → true/false positive classification → Archer incident creation or case closure.
• Develop Python scripts and automation workflows to reduce manual analyst touchpoints across the ACDC.
• Integrate REST APIs with third-party security tools for orchestration and enrichment.
• Troubleshoot and improve existing SOAR playbooks and automation pipelines.

Primary Skills:

• Google SecOps (Chronicle SIEM + SOAR) — hands-on experience building and managing SOAR playbooks.
• Python scripting (Mandatory) — for automation, playbook actions, and security workflow development.
• CrowdStrike EDR understanding is a plus for integration with Google SecOps SIEM for alert ingestion and automated response.
• REST API (Mandatory) - integration with security tools (EDR, ticketing, threat intelligence platforms).
• Security case lifecycle automation — from log ingestion through triage to Archer incident creation or closure.
• Git — version control for automation code and SOAR configurations.

Good to Have:

• CI/CD tools (Jenkins, GitHub Actions) for deploying SOAR automation updates.
• Entry-level security certification (CompTIA Security+ or equivalent).
• Basic cloud knowledge (AWS or Azure) for security tool integrations.
• Familiarity with Grafana or similar for SOC metrics dashboards.

Qualifications

Education: Bachelor’s / Master’s full-time degree in a Technical stream.

Experience: 3 to 5 years of hands-on experience in security operations, security automation, or a SOC/SIEM engineering role — with demonstrated expertise in building SOAR playbooks, scripting automation workflows, and integrating security tools via REST APIs.

Soft Skills:

• Experience managing projects in multiple technological and business environments using Agile.
• Strong oral/written communication, time management, problem solving, and analytical skills.
• Demonstrated ability to work under pressure when resolving complex issues with strict deadlines.

Having a basic understanding or exposure to AI tools would be a plus.