Security Automation Engineer (SOAR/XSOAR) | Davinsi Labs

Palo Alto Cortex XSOAR.
Antwerp, Belgium
2 months ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
Dutch, English, French
Experience level
Senior

Job location

Antwerp, Belgium

Tech stack

JavaScript
Microsoft Windows
Systems Engineering
Cloud Computing Security
Computer Security
Linux
Identity and Access Management
Python
Security Information and Event Management
Software Engineering
Systems Integration
SAP Application Management Services
Scripting (Bash/Python/Go/Ruby)
GIT
Cortex XSOAR Platform
Software Version Control

Job description

Security Automation & Playbook Development

  • Design, build, and maintain response playbooks in Cortex XSOAR for common and advanced security incidents.
  • Translate detection alerts from SIEM and XDR platforms into automated investigation and response flows.
  • Implement conditional logic, enrichment steps, human-in-the-loop approvals, and automated containment actions.

SOAR as Code

  • Manage playbooks, integrations, scripts, and content packs using version control (Git).
  • Apply software engineering best practices such as modularity, reusability, testing, and peer review.
  • Contribute to standardized automation frameworks that can be reused across customers.

Platform Integrations

  • Build and maintain integrations between XSOAR and:
      o SIEM platforms
      o XDR / EDR solutions
      o ITSM tools (incident creation, updates, closures)
      o Identity, network, and cloud security controls
  • Troubleshoot and optimize integrations for reliability, performance, and scalability.

Incident Response Enablement

  • Collaborate closely with Detection Engineering and Incident Response teams to define:
      o Automated investigation steps
      o Response actions and containment strategies
      o Escalation and handover points to analysts
  • Continuously improve response quality based on real incident feedback.

Automation Lifecycle Management

  • Maintain and evolve our automation content library.
  • Tune playbooks to reduce noise, false positives, and manual

Requirements

Academic bachelor's degree

Professional bachelor's degree

  • You are passionate about IT security and automation, with several years of relevant professional experience.
  • You have hands-on experience with SOAR platforms, preferably Palo Alto Cortex XSOAR.
  • You are comfortable building response playbooks and automations end-to-end.
  • You strongly believe in automation as code and have experience with Git-based workflows.
  • Basic system engineering knowledge (Windows, Linux, networking, identity) is a plus.
  • You have experience integrating security platforms such as SIEM, XDR, EDR, IAM, or ITSM tools.
  • You understand security operations and incident response processes.
  • Experience with scripting (Python, JavaScript) is a strong plus.
  • You communicate smoothly in Dutch and English (written and oral). French is a plus.
  • You are analytical, structured, and not afraid to challenge existing processes to improve them.

About the company

In today's digital world, organizations need to shift their approach to cyber security. Prevention alone is no longer sufficient. The ability to rapidly detect and respond to threats is essential. Organizations are increasingly turning to trusted strategic partners who can fully unburden them in the domain of detection and response. That's where we come in. We offer MDR as a value service to a broad spectrum of customers across different verticals - all equally exciting. Based in Belgium and the Netherlands, we help companies navigate the digital era and make data-driven decisions with confidence. We proudly serve clients in the top 200 across the Benelux, spanning a wide range of fascinating and diverse sectors. At Davinsi Labs, we love to inspire each other, collaborate closely, and pursue excellence together. We are building a workplace where fulfillment and happiness take center stage.

Your mission: what can you expect from the job?

You will join our Managed Detection & Response (MDR) teams with a strong focus on security automation and orchestration. As a Security Automation Engineer, your primary responsibility is to design, build, and maintain automated response capabilities using Palo Alto Cortex XSOAR. Your work will directly impact how efficiently and consistently security incidents are handled across complex customer environments. You will help scale our MDR service by translating detection signals into automated, reliable, and auditable response workflows. We strongly believe in SOAR as code: automation content is version-controlled, tested, and continuously improved.

You will contribute to and integrate with the following technologies:

  • Palo Alto Cortex XSOAR
  • Microsoft Defender XDR and other XDR platforms
  • SIEM platforms (Microsoft Sentinel and others)
  • ITSM platforms (ServiceNow and equivalents)
  • Cloud, identity, network, and third-party security tooling
