
CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.
OnX is a leading technology solution provider that serves businesses, healthcare organizations, and government agencies across Canada. OnX combines deep technical expertise with a full suite of flexible technology solutions—including Generative AI, Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, OnX delivers comprehensive technology solutions for its clients’ transformative business initiatives. For more information, please visit www.onx.com.
Job Purpose
As a Security Automation Engineer I, you will contribute to the growth and maturity of our Security Operations team by developing and maintaining automation playbooks and workflows within our SOAR and XDR platforms. You will be responsible for translating analyst-driven investigation workflows into automation that accelerates triage, enrichment, containment, and remediation of issues across the SOC. A strong background in security operations is essential for this role. Understanding what happens before and after an alert is received is what separates functional automation from automation that reflects how real investigations work. By collaborating closely with SOC analysts and senior engineers, you will help reduce manual workload, improve response consistency, and support a more resilient security operation.
Experience
2+ years of experience as a SOC analyst, with senior analyst experience preferred. Candidates must demonstrate hands-on familiarity with alert triage, threat investigation, and escalation decision-making.
1-2 years of experience working with a SOAR platform, with Palo Alto XSIAM or XSOAR experience strongly preferred.
Education
Four-year college degree resulting in a bachelor's degree, or equivalent practical experience.
Certifications, Accreditations, Licenses
One or more of the following certifications:
Palo Alto Cortex, CompTIA Security+, CompTIA CySA+, GIAC GSEC, EC-Council CEH, and similar.
Special Knowledge
The ideal candidate has a solid understanding of cybersecurity principles, common attack techniques, and SOC operational workflows. Candidate will have experience with SIEM, SOAR, EDR/XDR, threat intelligence, endpoint protection, and email security technologies. Familiarity with SOAR playbook development is required, with Palo Alto XSIAM and/or XSOAR experience being strongly preferred. Candidates should understand common detection use cases including phishing, endpoint compromise, identity threats, and network anomalies.
Proficiency in Python for scripting and automation tasks is required. Candidates must be comfortable working with REST APIs, Regex, and JSON to build and troubleshoot platform integrations. Familiarity with Windows, MacOS, and Linux environments is expected.
Skills
Develop, test, and maintain automated playbooks and integrations across Palo Alto XSOAR and Cortex XSIAM. Collaborate with SOC analysts to identify manual, repetitive workflows and translate them into reliable automation. Experience integrating security tools and platforms to support cohesive, automated response workflows.
Strong analytical skills to evaluate playbook performance, identify logic gaps, and iterate based on analyst feedback and operational data. Effective problem-solving to troubleshoot integration and automation failures.
Clear verbal and written communication skills, with the ability to document playbook logic and contribute to design discussions across distributed teams.
Abilities
Ability to work independently, manage time effectively, and stay productive in a remote environment. Must be a collaborative team player capable of contributing to technical conversations and troubleshooting sessions. High attention to detail to ensure automation logic performs accurately under varied conditions.
Commitment to continuous learning and staying current with evolving threats, detection techniques, and automation capabilities. Ability to adapt playbook logic as the threat landscape and tool stack change over time.
Supervisory Responsibilities
No Supervisory Responsibility.
Managed Services Solutions
Chennai, India
Compartilhar no: