Plain Concepts logo

Security Automation Architect (AI & SOC Transformation)

Plain Concepts Spain


No Relocation

Posted: July 7, 2026

Job Description

Mission

Transform security operations for the AI era.

We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities.

The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control.

This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation.

The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience.

What will you do?

You will play a key role in evolving traditional SOC environments into AI-native, automated and scalable security operations.

Your responsibilities will include:

  • Analyzing current SOC processes (L1/L2 workflows, alert triage, escalation paths).
  • Identifying opportunities to automate and improve detection & response.
  • Converting manual playbooks into structured, automated workflows.
  • Designing how AI agents assist analysts in triage, investigation and response.
  • Defining decision trees, enrichment logic and automation patterns.
  • Establishing clear boundaries between automation, AI and human decisions.
  • Designing human-in-the-loop models for critical actions.
  • Ensuring all automation is secure, explainable and auditable.

What makes this role unique?

You will work at the intersection of:

  • Security Operations (SecOps).
  • Detection & Response.
  • SIEM / SOAR automation.
  • Incident Response.
  • AI-driven security operations (Agentic AI).

Tech environment

You will work with modern security and automation ecosystems such as:

  • SIEM platforms (Microsoft Sentinel, Splunk, QRadar, Chronicle).
  • SOAR platforms and automation frameworks.
  • XDR / EDR and cloud security platforms.
  • Identity & Access Management (IAM).
  • Threat Intelligence platforms.
  • Case management and ticketing systems.
  • AI automation platforms and agentic AI frameworks.
  • Microsoft Security Copilot, Logic Apps, Azure Functions, Foundry.
MissionTransform security operations for the AI era.We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expe...
  • 6+ years of experience in cybersecurity (SOC, SecOps, Detection & Response, etc.).
  • Strong background in security automation, SIEM or SOAR.
  • Experience designing or improving detection use cases and incident response workflows.
  • Hands-on experience working with SOC environments (L1, L2, L3).
  • Ability to translate analyst knowledge into automation and workflows.
  • Understanding of incident lifecycle, enrichment and escalation processes.
  • Experience working with technical teams and business stakeholders.
  • Practical mindset: ability to design solutions that work in real environments.
  • Fluent in Spanish and English.

Nice to have

  • Experience with Microsoft Sentinel, Defender XDR or Security Copilot
  • Experience in SOC automation / SOAR implementations
  • Knowledge of detection engineering and MITRE ATT&CK
  • Experience with KQL, SPL or similar query languages
  • Exposure to AI-driven workflows or automation
  • Experience in SOC transformation programs or MSSP environments

Additional Content

Mission

Transform security operations for the AI era.

We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expertise, security automation, AI automation and agentic AI capabilities.

The role will focus on turning traditional SOC processes into intelligent, controlled and scalable workflows, where AI agents can assist analysts, automate repetitive tasks, enrich investigations, recommend actions and accelerate response while maintaining human oversight, auditability and security control.

This is a hands-on architecture role at the intersection of SecOps, SIEM/SOAR, Detection Engineering, Incident Response and AI-native automation.

The ideal candidate will help organizations move from manual, ticket-driven security operations toward a new operating model where analysts, automation and AI agents work together to increase speed, consistency and resilience.

What will you do?

You will play a key role in evolving traditional SOC environments into AI-native, automated and scalable security operations.

Your responsibilities will include:

  • Analyzing current SOC processes (L1/L2 workflows, alert triage, escalation paths).
  • Identifying opportunities to automate and improve detection & response.
  • Converting manual playbooks into structured, automated workflows.
  • Designing how AI agents assist analysts in triage, investigation and response.
  • Defining decision trees, enrichment logic and automation patterns.
  • Establishing clear boundaries between automation, AI and human decisions.
  • Designing human-in-the-loop models for critical actions.
  • Ensuring all automation is secure, explainable and auditable.

What makes this role unique?

You will work at the intersection of:

  • Security Operations (SecOps).
  • Detection & Response.
  • SIEM / SOAR automation.
  • Incident Response.
  • AI-driven security operations (Agentic AI).

Tech environment

You will work with modern security and automation ecosystems such as:

  • SIEM platforms (Microsoft Sentinel, Splunk, QRadar, Chronicle).
  • SOAR platforms and automation frameworks.
  • XDR / EDR and cloud security platforms.
  • Identity & Access Management (IAM).
  • Threat Intelligence platforms.
  • Case management and ticketing systems.
  • AI automation platforms and agentic AI frameworks.
  • Microsoft Security Copilot, Logic Apps, Azure Functions, Foundry.
MissionTransform security operations for the AI era.We are looking for a senior cybersecurity professional to help redesign how modern Security Operations Centers detect, investigate and respond to threats by combining Detection & Response expe...
  • 6+ years of experience in cybersecurity (SOC, SecOps, Detection & Response, etc.).
  • Strong background in security automation, SIEM or SOAR.
  • Experience designing or improving detection use cases and incident response workflows.
  • Hands-on experience working with SOC environments (L1, L2, L3).
  • Ability to translate analyst knowledge into automation and workflows.
  • Understanding of incident lifecycle, enrichment and escalation processes.
  • Experience working with technical teams and business stakeholders.
  • Practical mindset: ability to design solutions that work in real environments.
  • Fluent in Spanish and English.

Nice to have

  • Experience with Microsoft Sentinel, Defender XDR or Security Copilot
  • Experience in SOC automation / SOAR implementations
  • Knowledge of detection engineering and MITRE ATT&CK
  • Experience with KQL, SPL or similar query languages
  • Exposure to AI-driven workflows or automation
  • Experience in SOC transformation programs or MSSP environments