SOAR Automation Manager

The Operational Security Automation role evolves in 2024 to integrate generative AI and agentic AI as core drivers of security center operations. This position transforms traditional SOCs or VOCs into autonomous operational centers capable of contextual reasoning, decision-making, and action.

Key Responsibilities:

Intelligent AI Workflow Development

• Design of self-adaptive playbooks using LLMs (GPT-4, Claude, Mistral)
• Creation of orchestrated APIs for autonomous agentic workflows
• Integration of MCP (Model Context Protocol) and Agent2Agent protocols
• Development of AI agents for contextual automatic incident triage

AI Autonomous Operations Governance

• Supervision of autonomous decisions with human validation mechanisms
• ROI measurement of deployed generative AI systems
• Compliance with AI Act, DORA, and NIS2 frameworks for autonomous AI
• Performance management according to agentic SLAs/SLOs

AI Strategy and Innovation

• Development of strategic roadmap for agentic AI implementation
• Technology watch on generative model evolution
• Integration of innovative perspectives from AI threat landscape
• Benchmarking of SOAR platforms with agentic capabilities

AI Performance Management

• Definition of specific KPIs for generative systems
• Analysis of contextual relevance of autonomous decisions
• Measurement of automatically generated playbook effectiveness
• Continuous model optimization through fine-tuning

AI Skills Development

• Planning of required competencies for the agentic AI era
• Continuous training on fine-tuning and LLM optimization
• Management of specialized technical resources in generative AI
• Creation of AI upskilling programs

Required Experience:

• 10-12+ years in information Security with cloud and AI focus
• 5+ years of experience in managing a team of SOAR or SIEM members.
• Mastery of agile methodologies adapted to AI cycles

Experience in Agentic SOAR Platforms

1. Tines AI with generative capabilities
2. XSOAR with Cortex XSIAM and integrated AI
3. IBM Resilient with advanced Watson AI
4. Swimlane with agentic modules

AI Protocols and Standards

1. Model Context Protocol (MCP) - Anthropic
2. Agent2Agent (A2A) - Google

AI PERFORMANCE INDICATORS:

Generative Metrics

1. Automatic playbook generation rate
2. Generated decision quality (precision/recall)
3. Response time reduction through AI
4. Measurable ROI of AI investments

Agentic Metrics

1. Validated autonomous decision rate
2. Containment latency with AI agents
3. Incidents resolved without human intervention
4. Performance of self-adaptive systems

Operational Metrics

1. SLA/SLO compliance with AI systems
2. Automatic threat pattern coverage
3. Scalability of deployed agentic solutions
4. Team adoption rates of AI tools

AI REGULATORY CONTEXT

Required Compliance

1. EU AI Act regulation
2. DORA directives for digital finance
3. NIS2 for network security

AI Risk Governance

1. Mapping of specific agentic AI risks
2. Procedures for validating autonomous decisions
3. AI audit and traceability mechanisms
4. Continuity plans for AI failures