← All Roles

Cybersecurity & Security Operations

Senior Security Automation Engineer

Full-Time · Accra, Ghana (On-Site)

Build and migrate SOAR automation — Cortex XSOAR playbooks, custom integrations, and modernization to next-generation agentic platforms — turning alert noise into engineered response.

What You Will Do

  • Design, build, and maintain production SOAR playbooks on Cortex XSOAR — alert enrichment, deduplication, auto-triage, and response orchestration that analysts actually trust.
  • Develop custom integrations in Python against the tools a modern SOC runs on: EDR (CrowdStrike, SentinelOne), SIEM (Splunk, Microsoft Sentinel), ticketing and ITSM (ServiceNow), threat intelligence, and identity platforms.
  • Lead SOAR content migrations and modernization — including moving playbook libraries from classic XSOAR to next-generation agentic automation platforms — without breaking the response workflows that depend on them.
  • Treat automation content as code: version control, peer review, testing in staging, and controlled promotion to production.
  • Engineer the judgment layer, not just the plumbing: human-in-the-loop checkpoints for destructive actions, confidence thresholds, and escalation paths when automation should stop and ask.
  • Measure what you build: time-to-triage, false-positive burn-down, analyst hours returned — and defend the numbers.

What We’re Looking For

  • 4+ years in security operations or security engineering, with at least 2 years building SOAR automation in production (Cortex XSOAR strongly preferred; Splunk SOAR, Tines, or Swimlane considered).
  • Strong Python for integration development — REST APIs, authentication flows, pagination, rate limits, and the unglamorous edges of vendor APIs.
  • Real SOC context: you understand alerts, IOCs, MITRE ATT&CK, and the difference between an alert that needs a playbook and one that needs a tuning ticket.
  • Judgment about what NOT to automate — you can articulate where a human must stay in the loop and why.
  • Experience treating automation content as software: Git workflows, testing, staged rollouts.
  • Flawless English communication — you will walk international security teams through what your playbooks do and prove they work.

About Thadium

Thadium is building a world-class engineering team in Accra, Ghana — engineers, security analysts, and platform specialists who deliver real enterprise technology for international clients. We work to international standards, with on-site mentorship, a professional office, and projects that grow careers. We're early, and we're hiring the people who will define what Thadium becomes.

How to Apply

  • Location: on-site at the Thadium office in Accra, Ghana.
  • Schedule: core hours overlap with international (U.S. daytime) teams.
  • Submit your CV (PDF) and a link to your LinkedIn or GitHub profile.
Apply for This Role →