Role Overview
We are seeking an experienced Freelance Security Engineer specializing in SOAR (Security Orchestration, Automation, and Response) to support automation initiatives within enterprise Security Operations Centers (SOC / Cyber Defense Centers).
The consultant will design, build, and maintain SOAR automation playbooks using Python, integrate multiple security platforms, and help optimize incident response workflows through security automation.
This role requires hands-on experience with SOAR platforms, SIEM systems, Python scripting, and API integrations within SOC environments.
Key Responsibilities
SOAR Automation
Design and develop SOAR playbooks using Python
Automate SOC investigation and response workflows
Integrate SOAR with multiple security platforms (SIEM, EDR, ITSM, cloud services)
Monitor playbook performance and troubleshoot automation failures
Implement safe automated containment actions
Security Integrations
Develop API-based integrations between security tools
Integrate SOAR with:
SIEM platforms
EDR platforms
Firewalls
Cloud security tools
ITSM systems (e.g., ServiceNow)
SIEM & Detection Engineering
Work with SIEM alerts and detections
Develop and tune detection rules
Write queries and searches for investigations
Create dashboards and operational metrics
Map detections to MITRE ATT&CK
Incident Response Support
Support SOC / CSIRT teams with investigation workflows
Automate containment and remediation actions
Improve response efficiency through automation
Security Automation Optimization
Identify SOC processes suitable for automation
Design scalable automation workflows
Measure automation impact using metrics such as:
MTTR
MTTD
False positive reduction
Analyst workload reduction
Client Collaboration
Work with SOC analysts, security architects, and IT teams
Gather automation requirements
Provide recommendations to improve SOC processes and tooling
Required Technical Skills
SOAR Platforms
Hands-on experience with at least one:
Splunk SOAR (Phantom)
Cortex XSOAR
Google SecOps SOAR
Other enterprise SOAR platforms
Programming
Strong Python scripting
Experience with:
REST APIs
JSON parsing
Automation scripting
Error handling
Typical Python libraries:
requests
json
pandas
os
SIEM Platforms
Experience with at least one:
Splunk
Microsoft Sentinel
Google Chronicle / Google SecOps
Rapid7 IDR
Devo
Helix
Security Operations
Strong understanding of:
SOC operations
Incident response lifecycle
Alert triage and investigation
Threat containment and remediation
Security Tooling
Experience integrating or working with:
EDR platforms (e.g., CrowdStrike)
Cloud security tools
Identity systems
Network security tools
Firewalls
Cloud Security Experience
Experience with at least one cloud platform:
AWS
Azure
Google Cloud
Relevant logs and services:
AWS CloudTrail
GuardDuty
Identity / authentication logs
API activity logs
Threat Intelligence & Detection
Understanding of:
MITRE ATT&CK framework
Detection engineering
Threat hunting concepts
Telemetry validation
Nice to Have
Experience working with MDR / SOC environments
Experience with ServiceNow integrations
Security automation architecture experience
Experience designing enterprise SOC automation programs
Engagement Details
Role Type: Freelance / Contract
Work Mode: Remote
Duration: Project-based / Long-term engagement possible
Ideal Candidate Profile
5+ years experience in security operations / automation
Hands-on SOAR playbook development
Strong Python automation experience
Experience integrating multiple security tools via APIs
Experience working with enterprise SOC environments
Position Requirements
5+ years work experience