Workflow Orchestration: Design automated playbooks for common security scenarios (e.g., phishing triage, host isolation, user offboarding) using code or logic flows.
API Integration: Build custom connectors to link disparate systems (e.g., SIEM, EDR, Ticketing Systems) via REST/gRPC APIs.
ChatOps: Develop bots for internal collaboration platforms (e.g., Slack/Teams) to enable self-service security tasks.
AI-Driven Triage: Implement Generative AI workflows to autonomously parse tickets, summarize alerts, and extract Indicators of Compromise (IoCs).
Must-Have Skills
Scripting & Coding: Strong proficiency in Python or Golang with a focus on API interaction and data processing.
Integration Patterns: Expert understanding of Webhooks, RESTful design, and authentication methods (OIDC/OAuth/API Keys).
Operational Logic: Experience with SOAR concepts (Logic Apps, Serverless Functions, or Workflow Engines) to automate decision trees.
Security Context: Understanding of the Incident Response lifecycle and standard data formats (JSON, YAML).
Preferred / Nice To Have
Experience with ITSM platforms (e.g., ServiceNow/Jira) for automated ticketing.
Frontend knowledge (JS/TS) for building simple internal dashboards or Browser Extensions.
Experience with Containerization (Docker) for deploying automation scripts.
