# Security Automation Architect (SIEM/SOAR & AI)

> Plain Concepts · Spain (Remote) · Full-time · Posted 2026-07-07

**Workplace:** remote

**Department:** Management

## Description

**Mission**

Transform security operations for the AI era.

We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities.

The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control.

This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation.

The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience.

**Key Responsibilities**

### 1\. AI-native SOC transformation

·       Analyze current SOC operating models, L1/L2 activities, escalation flows and response procedures.

·       Identify opportunities to automate, augment or redesign detection and response processes using AI automation and agentic workflows.

·       Translate analyst knowledge into structured, reusable and automatable workflows.

·       Define how AI agents can support alert triage, enrichment, investigation, prioritization and response.

·       Establish clear boundaries between autonomous actions, AI-assisted recommendations and human decision points.

·       Help organizations evolve from traditional SOC processes to AI-enabled security operations.

### 2\. Detection & Response automation architecture

·       Define automation blueprints for common detection and response use cases.

·       Convert incident response playbooks into structured workflows.

·       Define decision trees, enrichment steps, evidence requirements and output formats.

·       Support the design of automated triage, false positive reduction and incident prioritization.

·       Create reusable patterns for investigation, containment, escalation and reporting.

·       Ensure automation is reliable, explainable and operationally useful for SOC teams.

### 3\. Agentic security operations design

·       Define agent roles, responsibilities, permissions and execution boundaries.

·       Design human-in-the-loop models for sensitive or high-impact actions.

·       Define approval workflows, escalation paths and confidence thresholds.

·       Ensure agent recommendations are explainable, traceable and auditable.

·       Define logging and evidence requirements for AI-assisted decisions.

·       Identify and mitigate risks such as unsafe automation, hallucination, excessive permissions, prompt injection, data leakage or incorrect response actions.

·       Work with AI engineering teams to ensure agentic workflows are secure, controlled and aligned with security operations needs.

### 4\. SIEM, SOAR and security tooling integration

### 5\. Human-in-the-loop operating model

### 6\. Continuous improvement and operational impact

### Relevant technology exposure

The role is not limited to one vendor, but should be able to work with modern security operations and AI automation ecosystems, including:

·       SIEM platforms such as Microsoft Sentinel, Splunk, QRadar, Chronicle or similar.

·       SOAR platforms and automation frameworks.

·       XDR / EDR platforms and cloud security platforms.

·       Identity and access management systems.

·       Threat intelligence platforms.

·       Case management and ticketing tools.

·       AI automation platforms, agentic AI frameworks and enterprise AI orchestration environments.

·       Microsoft Foundry, Microsoft Security Copilot, Logic Apps, Azure Functions or automation runbooks, where relevant.

## Requirements

-   6+ years of experience in cybersecurity, with strong background in Detection & Response, SOC operations, security automation, SIEM engineering or security architecture.
-   Proven experience designing or implementing AI automation, AI-assisted workflows, agentic automation or AI-enabled operational processes.
-   Strong understanding of how modern SOCs operate across L1, L2 and L3 functions.
-   Experience designing or improving detection use cases, triage processes, incident response procedures and SOC playbooks.
-   Hands-on experience with SIEM and/or SOAR platforms.
-   Ability to translate analyst procedures into structured workflows, decision trees and automation requirements.
-   Good understanding of alert enrichment, case management, incident lifecycle management and escalation models.
-   Practical understanding of identity, permissions, API integrations and secure automation design.
-   Ability to work with SOC analysts, security architects, engineering teams and senior client stakeholders.
-   Strong documentation skills, especially for operational procedures, use case specifications and technical architecture.
-   Ability to design automation that works in real SOC environments, not just theoretical diagrams.

**Desirable experience with:**

-   Microsoft Sentinel, Defender XDR or Microsoft Security Copilot.
-   Microsoft Foundry or Azure AI-based automation.
-   Agentic AI workflows in cybersecurity or IT operations.
-   Loop generation and maintenance
-   SOC automation / SOAR implementation.
-   Logic Apps, Azure Functions or automation runbooks.
-   KQL, SPL or equivalent SIEM query languages.
-   Detection engineering and MITRE ATT&CK mapping.
-   Threat intelligence enrichment.
-   Incident response automation.
-   XDR / EDR platforms and cloud security operations.
-   Case management integration.
-   Enterprise SOC transformation programs.
-   MDR/MSSP operating models.
-   Purple teaming or detection validation.
-   DevSecOps or infrastructure automation.
-   GRC/control evidence automation for security operations.

## Benefits

-   Salary determined by the market and your experience 🤑

-   Flexible schedule 35 Hours / Week 😎
-   Fully remote work (optional) 🌍
-   Flexible compensation (restaurant, transport, and childcare) ✌
-   Fully free health insurance, with a co-payment for dental services 🚑
-   Individual budget for training or equipment and free Microsoft certifications 📚
-   English lessons 🗽
-   Birthday day off 🌴🥳
-   Monthly bonus for electricity and Internet expenses at home 💻
-   Discount on gym plan and sports activities 🔝
-   Plain Camp (annual team-building event) 🎪
-   Extra perks: events attendance and speakers, welcome pack, baby basket, Christmas basket, discount portal for employees ➕ The pleasure of always working with the latest technological tools!

**Will you let us know you better?**

The selection process: Simple, just 3 steps.

-   Phone screen
-   2 interviews with the team 🤘

**What is Plain Concepts?**

Plain Concepts is a global company of over 500 people passionate about technology and innovation. Since our founding, we have grown through technical proficiency and confidence in ideas that others might consider risky, creating custom solutions for our clients. With offices in more than 6 countries, our mission is to continue to drive cuttingedge projects around the world.

We are highly committed to technical excellence. We are known for developing highly customized projects, offering specialized technical consultancy and training.

Thanks to the great work of our technicians, we have been recognized for our ability to lead innovative projects that generate value, from artificial intelligence to blockchain, driving solutions that help companies optimize their performance.

**What we do at Plain Concepts?**

We pride ourselves on being a 100% technical team, dedicated to crafting custom projects from scratch, offering expert technical consultancy, and providing top-tier training.

-   Our approach goes beyond traditional outsourcing; we focus on creating value together with our clients.
-   Our teams are diverse and multidisciplinary, operating in a flat, collaborative structure.
-   We live and breathe AGILE principles, ensuring flexibility and efficiency in everything we do.
-   Knowledge-sharing is at our core: from supporting each other internally to contributing to the broader tech community through conferences, events, and talks.
-   Innovation drives us — even the boldest ideas are welcome here.
-   Transparency underpins all our relationships, fostering trust and long-term partnerships.

**Want to learn more?**

Check out our website! ➡ [https://www.plainconcepts.com/](https://www.plainconcepts.com/)

At Plain Concepts, we certainly seek to provide equal opportunities. We want diverse applicants regardless of race, colour, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law.

## Apply

[Apply at Plain Concepts](https://apply.workable.com/plainconcepts/j/8D119934A9/apply)

---
Powered by [Workable](https://www.workable.com)
