Jobs · remotefirstjobs
Security Automation Architect
Aperture Cloud · Remote · Posted 8d ago
About the role
Redesign SOC processes for AI-enabled security operations and automation.
Mission Transform security operations for the AI era. We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities. The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control. This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation. The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience. Key Responsibilities 1. AI-native SOC transformation · Analyze current SOC operating models, L1/L2 activities, escalation flows and response procedures. · Identify opportunities to automate, augment or redesign detection and response processes using AI automation and agentic workflows. · Translate analyst knowledge into structured, reusable and automatable workflows. · Define how AI agents can support alert triage, enrichment, investigation, prioritization and response. · Establish clear boundaries between autonomous actions, AI-assisted recommendations and human decision points. · Help organizations evolve from traditional SOC processes to AI-enabled security operations. 2. Detection & Response automation architecture · Define automation blueprints for common detection and response use cases. · Convert incident response playbooks into structured workflows. · Define decision trees, enrichment steps, evidence requirements and output formats. · Support the design of automated triage, false positive reduction and incident prioritization. · Create reusable patterns for investigation, containment, escalation and reporting. · Ensure automation is reliable, explainable and operationally useful for SOC teams. 3. Agentic security operations design · Define agent roles, responsibilities, permissions and execution boundaries. · Design human-in-the-loop models for sensitive or high-impact actions. · Define approval workflows, escalation paths and confidence thresholds. · Ensure agent recommendations are explainable, traceable and auditable. · Define logging and evidence requirements for AI-assisted decisions. · Identify and mitigate risks such as unsafe automation, hallucination, excessive permissions, prompt injection, data leakage or incorrect response actions. · Work with AI engineering teams to ensure agentic workflows are secure, controlled and aligned with security operations needs. 4. SIEM, SOAR and security tooling integration 5. Human-in-the-loop operating model 6. Continuous improvement and operational impact Relevant technology exposure The role is not limited to one vendor, but should be able to work with modern security operations and AI automation ecosystems, including: · SIEM platforms such as Microsoft Sentinel, Splunk, QRadar, Chronicle or similar. · SOAR platforms and automation frameworks. · XDR / EDR platforms and cloud security platforms. · Identity and access management systems. · Threat intelligence platforms. · Case management and ticketing tools. · AI automation platforms, agentic AI frameworks and enterprise AI orchestration environments. · Microsoft Foundry, Microsoft Security Copilot, Logic Apps, Azure Functions or automation runbooks, where relevant. 6+ years of experience in cybersecurity, with strong background in Detection & Response, SOC operations, security automation, SIEM engineering or security architecture. Proven experience designing or implementing AI automation, AI-assisted workflows, agentic automation or AI-enabled operational processes. Strong understanding of how modern SOCs operate across L1, L2 and L3 functions. Experience designing or improving detection use cases, triage processes, incident response procedures and SOC playbooks. Hands-on experience with SIEM and/or SOAR platforms. Ability to translate analyst procedures into structured workflows, decision trees and automation requirements. Good understanding of alert enrichment, case management, incident lifecycle management and escalation models. Practical understanding of identity, permissions, API integrations and secure automation design. Ability to work with SOC analysts, security architects, engineering teams and senior client stakeholders. Strong documentation skills, especially for operational procedures, use case specifications and technical architecture. Ability to design automation that works in real SOC environments, not just theoretical diagrams. Desirable experience with: Microsoft Sentinel, Defender XDR or Microsoft Security C
Read the full posting on remotefirstjobs →
FAQ
Is the Security Automation Architect role at Aperture Cloud remote?+
This Security Automation Architect position is listed as remote (Remote).
What is the salary for the Security Automation Architect role at Aperture Cloud?+
The listing states Estimated 128k-348k USD.
What seniority level is this Security Automation Architect role?+
This is a senior level position.
How do I apply for the Security Automation Architect role at Aperture Cloud?+
Use the "Apply on remotefirstjobs" button to open the original posting on remotefirstjobs, where you can submit your application directly to Aperture Cloud.