The API Workflow Developer will design, build, test, and maintain cybersecurity automation workflows and integrations within an enterprise Security Orchestration, Automation, and Response (SOAR) environment.
Design, develop, test, deploy, and maintain SOAR playbooks, workflows, integrations, and automated response actions.
Translate manual cybersecurity and compliance processes into documented, repeatable, and scalable automation workflows.
Develop REST API integrations between the SOAR platform and SIEM, EDR, ticketing, identity, asset-management, vulnerability-management, threat-intelligence, and GRC systems.
Write and maintain Python scripts, API clients, custom connectors, functions, data parsers, and reusable automation components.
Troubleshoot failed workflows, API errors, authentication issues, malformed data, integration defects, and platform performance problems.
Collaborate with analysts, incident responders, engineers, and process owners to gather requirements and define automation use cases.
Test workflows using representative data and validate that automated actions produce accurate, secure, and expected results.
Maintain API documentation, workflow diagrams, configuration records, runbooks, test results, and deployment procedures.
Use source control, code review, configuration management, and controlled release processes to manage automation content.
Monitor deployed automations, review execution logs and performance metrics, and continuously improve reliability and efficiency.
Provide operational support, defect remediation, platform maintenance, and knowledge transfer for SOAR workflows and integrations.
Requirements
Bachelor’s degree in computer science, cybersecurity, information technology, engineering, or a related field, or equivalent professional experience.
Three to five years of experience in API development, workflow automation, security engineering, software development, or a related technical role.
Demonstrated hands-on experience developing SOAR playbooks and integrations using platforms such as Palo Alto Cortex XSOAR, Splunk SOAR, Tines, Swimlane, Torq, or an equivalent solution.
Proficiency in Python and experience developing scripts for automation, data processing, API integration, and error handling.
Strong experience with REST APIs, JSON, webhooks, OAuth 2.0, API keys, tokens, certificates, and other authentication methods.
Working knowledge of cybersecurity operations, including incident response, alert triage, threat intelligence, vulnerability management, and case management.
Experience with Git, code reviews, testing, debugging, logging, documentation, and structured software-development practices.
Ability to troubleshoot integrations across multiple systems and analyze logs, HTTP responses, data payloads, and workflow execution results.
Strong communication and collaboration skills, with the ability to convert operational requirements into reliable technical solutions.
Clearance Requirement: Ability to obtain may be required
Tech Stack
Cyber Security
Python
Splunk
Benefits
Competitive salary, paid twice per month
Best in class medical coverage
100% of medical premiums covered by True Zero
Company wide new business incentive programs
Contribution Incentives (i.e. white papers, blog posts, internal webinars, etc.)
3 weeks of PTO starting + 11 Paid Holidays Annually
401k Program with 100% company match on the first 4%
Monthly reimbursement of Cell Phone and Home Internet costs
Paternity/Maternity Leave
Investment in training and certifications to broaden and deepen your technical skills