Barracuda is a company dedicated to making the world a safer place through cloud-enabled security solutions. They are looking for a Security Automation Engineer responsible for engineering the Barracuda XDR SOAR platform, conducting R&D efforts, and executing offensive security operations to enhance threat detection and response capabilities.
Responsibilities:
- Engineering the Barracuda XDR SOAR solution
- Complete sprint tasks within the SOC Agile Sprint cycle to continuously improve the overall SOC maturity level and R&D efforts
- Develop and maintain documentation on new processes, tools, technologies, and ongoing R&D efforts
- Integrating various APIs into the SOC tech stack
- Proactive threat hunting amongst partners' networks to identify malicious activity
- Attack and Defend activities to test current detections and develop new detections
- Ensuring MITRE ATT&CK Framework coverage is obtained by XDR detections
- Conduct threat intelligence research
- Train new and current cyber security analysts on new and existing technologies and processes
- Will be on a rotating 24x7x365 on-call schedule to investigate, triage, and help customers remediate active breaches/incidents
- Designing and implementing AI-driven security automations, including Agentic AI workflows to autonomously investigate, triage, and respond to alerts
- Building and maintaining Retrieval-Augmented Generation (RAG) pipelines to enhance threat intelligence enrichment, alert context, and analyst decision-making
- Developing and integrating AI agents with SOC tooling (SIEM, SOAR, EDR) to reduce manual effort and improve response times
- Leveraging LLMs and AI frameworks to automate repetitive SOC tasks such as alert analysis, ticket generation, and incident summarization
- Integrating and managing MCP servers and agent orchestration frameworks to enable scalable, modular AI-driven workflows
- Experimenting with and operationalizing machine learning models for anomaly detection, alert prioritization, and signal-to-noise improvement
- Driving R&D initiatives focused on applying Generative AI in cybersecurity, including detection engineering, threat hunting, and purple team exercises
- Building internal tools and prototypes that combine security data pipelines with AI capabilities to improve SOC efficiency and accuracy
Requirements:
- 4-5 years of prior cybersecurity or SOC experience
- Bachelor's or Master's degree in Cyber Security, Information Security, or a related field, or equivalent experience
- CIH, CEH, CompTIA Network+ or Security+, or other relevant certification
- Experience working with various SOC tools, including SIEM, SOAR, EDR, email protection, sandboxes, ticketing systems, etc.
- Expertise in analyzing advanced cyber attack vectors such as ransomware and Business Email Compromise
- Experience responding to active security threats and incidents
- Experience with cloud tools such as AWS, Azure and GCP
- Experience working with APIs
- Experience troubleshooting in a technical environment, with analytical and problem-solving skills applied to a SOAR platform
- Customer service experience
- Experience with threat intelligence research, IOC gathering, and threat hunting
- Understanding of cybersecurity frameworks such as NIST, MITRE ATT&CK, etc.
- Fundamental understanding of corporate IT environments, including networking, cloud infrastructure, etc.
- Excellent verbal and written communication skills
- Hands-on experience building or working with Agentic AI systems, including multi-step autonomous workflows and tool-using agents
- Experience implementing RAG architectures, including vector databases, embeddings, and context retrieval strategies
- Familiarity with LLMs (e.g., OpenAI, open-source models) and their application in cybersecurity use cases
- Experience integrating AI into production environments, including API orchestration and automation pipelines
- Exposure to MCP servers, agent frameworks, or similar orchestration systems for managing AI-driven workflows
- Strong understanding of how to apply AI/ML to security operations problems such as alert fatigue, threat detection, and incident response
- Ability to evaluate and tune AI outputs for accuracy, reliability, and security relevance in a SOC environment