Cybersecurity & Security Operations
Senior Security Automation Engineer
Full-Time · Accra, Ghana (On-Site)
Build and migrate SOAR automation — Cortex XSOAR playbooks, custom integrations, and modernization to next-generation agentic platforms — turning alert noise into engineered response.
What You Will Do
- Design, build, and maintain production SOAR playbooks on Cortex XSOAR — alert enrichment, deduplication, auto-triage, and response orchestration that analysts actually trust.
- Develop custom integrations in Python against the tools a modern SOC runs on: EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Microsoft Sentinel), ticketing and ITSM (ServiceNow), threat intelligence, and identity platforms.
- Lead SOAR content migrations and modernization — including moving playbook libraries from classic XSOAR to next-generation agentic automation platforms — without breaking the response workflows that depend on them.
- Treat automation content as code: version control, peer review, testing in staging, and controlled promotion to production.
- Engineer the judgment layer, not just the plumbing: human-in-the-loop checkpoints for destructive actions, confidence thresholds, and escalation paths when automation should stop and ask.
- Measure what you build: time-to-triage, false-positive burn-down, analyst hours returned — and defend the numbers.
What We’re Looking For
- 4+ years in security operations or security engineering, with at least 2 years building SOAR automation in production (Cortex XSOAR strongly preferred; Splunk SOAR, Tines, or Swimlane considered).
- Strong Python for integration development — REST APIs, authentication flows, pagination, rate limits, and the unglamorous edges of vendor APIs.
- Real SOC context: you understand alerts, IOCs, MITRE ATT&CK, and the difference between an alert that needs a playbook and one that needs a tuning ticket.
- Judgment about what NOT to automate — you can articulate where a human must stay in the loop and why.
- Experience treating automation content as software: Git workflows, testing, staged rollouts.
- Flawless English communication — you will walk international security teams through what your playbooks do and prove they work.
About Thadium
Thadium is building a world-class engineering team in Accra, Ghana — engineers, security analysts, and platform specialists who deliver real enterprise technology for international clients. We work to international standards, with on-site mentorship, a professional office, and projects that grow careers. We're early, and we're hiring the people who will define what Thadium becomes.
How to Apply
- Location: on-site at the Thadium office in Accra, Ghana.
- Schedule: core hours overlap with international (U.S. daytime) teams.
- Submit your CV (PDF) and a link to your LinkedIn or GitHub profile.