Automation Engineer (SOC Analyst) - (CFC)

Colombo, WP, Sri Lanka

IFS


Company Description

About IGT1 Lanka

IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by three of the world’s leading private equity firms: EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.

At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.

With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.

Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.
 

About the client: CFC

CFC is a specialist insurance provider, a pioneer in emerging risk and a market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks.

Headquartered in London with offices across Europe, USA and Australia, CFC has over 1000 employees and is trusted by more than 150,000 businesses in 90 countries. Learn more at cfc.com and LinkedIn.

Job Description

About the role:

We are seeking a skilled SOC Automation Engineer with experience in SOAR or Hyperautomation platforms within an MSSP, Incident Response (IR), or multi-client security environment. This role will focus on developing, managing, and optimizing automation workflows using Torq Hyperautomation or similar SOAR platforms.

The ideal candidate will be highly proficient in JSON manipulation, API integrations, and case management automation, ensuring seamless data exchange between security tools. This position will be based in Sri Lanka and will be instrumental in building scalable automation for our 24/7 SOC and IR operations.

Key Responsibilities:

  • Develop and optimize automation workflows within Torq Hyperautomation or other SOAR platforms (e.g., XSOAR, Splunk SOAR, LogicHub, Swimlane).
  • Build API integrations between security tools such as SIEMs, EDRs, XDRs, case management systems, and cloud platforms.
  • Extensively work with JSON formatting, parsing, and data transformations to enable seamless data exchange across multiple security platforms.
  • Streamline incident response automation to improve efficiency, reduce MTTR, and enhance security event correlation.
  • Design and maintain fault-tolerant automation processes that scale across thousands of clients.
  • Maintain and optimize CI/CD pipeline infrastructure within a SOAR platform.
  • Collaborate with SOC analysts, DFIR teams, and threat intelligence groups to refine and enhance automation capabilities.
  • Lead migration projects to improve automation platforms, ensuring seamless transitions without impacting security operations.
  • Continuously evaluate and implement emerging automation techniques to enhance SOC and MSSP workflows.

Qualifications

Preferred Skills and Experience:

Must-Have Skills & Experience

  • 1+ years of experience in security automation, SOAR engineering, or cybersecurity automation within an MSSP, DFIR, or enterprise security environment.
  • Extensive experience working with JSON, including JSON schema design, manipulation, parsing, and API-based data transformations.
  • Strong scripting skills in Python, PowerShell, or Bash for workflow automation.
  • Proficiency in API development and integration, including RESTful APIs, JSON-based APIs, and webhook automation.
  • Experience working with SIEM (Splunk, Sentinel, QRadar, Rapid7 IDR, etc.) and EDR/XDR tools (CrowdStrike, SentinelOne, Stellar Cyber, Cortex XDR, etc.).
  • Knowledge of incident response, threat intelligence, and security event lifecycle management.

Nice-to-Have Skills

  • Experience in multi-client environments (MSSP, IR firms, or security service providers).
  • Hands-on experience with Torq Hyperautomation, XSOAR, Splunk SOAR, or similar platforms.
  • Certifications: Torq SOAR Analyst, Torq SOAR Expert, CompTIA Security+, AWS/Azure Security Certifications.
  • Proficiency in using JQ filters for data manipulation.
  • Familiarity with CI/CD pipelines (Azure DevOps).
  • Experience automating cloud security workflows (AWS, Azure, Google Cloud).
  • Familiarity with case management automation and cross-platform data normalization.
  • Prior experience leading SOAR migration projects or developing custom security playbooks.


Tags: API Development APIs AWS Azure CI/CD DevOps Engineering GCP Google Cloud JSON Pipelines Python Security Splunk

Perks/benefits: Career development

Region: Asia/Pacific
Country: Sri Lanka
