Cyber Security Automation Expert

Boehringer Ingelheim

Posted on Oct 13, 2025

The Position

You will be part of our Security Automation team that eliminates toil, accelerates incident response, and measurably reduces risk. You will be the hands-on expert designing, building, and operating automations across Microsoft Sentinel SOAR (playbooks/Logic Apps) and ServiceNow (Flow Designer, Orchestration, IntegrationHub). You’ll also collaborate on BI/ETL automations (BIDS/SSIS or modern equivalents) to keep dashboards trustworthy and real-time.

Duties and Responsibilities:

  • Design & build SOAR playbooks in Microsoft Sentinel to automate enrichment, triage, notifications, containment, and post-incident tasks (e.g., block indicators, disable accounts, isolate endpoints).
  • Automate ServiceNow workflows across ITSM/IR (Security Incident, Incident, Problem, Change), including case creation, field population, approvals, tasking, escalations, and bi-directional sync with SOC tools.
  • Integrate ecosystems: EDR/XDR, firewalls, TI feeds, cloud platforms, identity stores (Entra ID), messaging (Teams/Slack), and evidence stores.
  • Own reliability: implement robust error handling, retries/idempotency, health checks, observability (logs/metrics), and secrets management (e.g., Key Vault).
  • BI/ETL automation (BIDS/SSIS or equivalent): partner with SecOps and Data/BI to automate data pipelines for security KPIs and dashboards (e.g., incidents, SLA/OLA, MTTR).
  • Improve detection-to-response flow: enrich alerts, reduce false positives, and streamline handoffs between SIEM, SOAR, and ServiceNow.
  • Governance & SDLC: version control (Git), code reviews, CI/CD, change control, documentation and runbooks.
  • Enable the SOC: create reusable automation building blocks, write playbook docs, and train analysts to safely run automations.

Requirements:

  • Bachelor’s degree in computer science/engineering or equivalent hands-on experience.
  • Minimum 3 years working with ServiceNow and SOAR (Microsoft Sentinel preferred).
  • 4+ years working with SOAR (preferably Microsoft Sentinel/Logic Apps) and/or 4+ years hands-on experience with ServiceNow automations.
  • Strong ServiceNow skills: Flow Designer, IntegrationHub/Spokes, Orchestration/MID Server, REST/SOAP integrations; solid grasp of ITSM/IR data models and CMDB relationships.
  • Strong SOAR engineering: event parsing, enrichment patterns, containment actions, webhooks, OAuth/service principals, and API integrations.
  • Proficiency in scripting/automation: Python and/or PowerShell; comfortable with JSON, REST, and event-driven patterns.
  • Git-based SDLC and basic CI/CD familiarity; writing clean, tested, maintainable code.
  • Clear, concise communication with engineers, analysts, and stakeholders.

Nice to have:

  • KQL (Microsoft Sentinel analytics, hunting, watchlists, data connectors).
  • Microsoft cloud automation: Azure Logic Apps, Functions, Automation Accounts, Key Vault, Managed Identities, RBAC.
  • Experience with BIDS/SSIS/SSDT or Azure Data Factory for BI/ETL; building data feeds that power Power BI or similar dashboards.
  • Knowledge of EDR/XDR (Microsoft Defender), TIPs, and common IR tools.
  • Experience with IntegrationHub spokes (e.g., Microsoft, Slack/Teams, Jira) or building custom spokes.
  • Familiarity with Infrastructure-as-Code (ARM/Bicep/Terraform), Zero Trust patterns.
  • Practical security ops mindset: incident lifecycle, SOC workflows, MITRE ATT&CK concepts, and measurable improvements to MTTR.
  • English – High-level proficiency (written and spoken)
  • Desired certifications, courses and training:
    • SC-100: Microsoft Cybersecurity Architect.
    • AZ-500: Azure Security Engineer.
    • AZ-400: DevOps Engineer Expert.
    • DP-203: Data Engineer (ETL/ADF/Synapse)
    • CSA (Certified System Administrator) or CAD (Certified Application Developer)

Click here to know what it looks like working at Boehringer Ingelheim Business Services Philippines Inc.