Skip to main content
POST ATLAS
RoleCybersecurity

Security Automation Engineer

SOAR playbooks, glue scripts, ticket enrichment, replacing your own toil.

The verdict

A small but quietly excellent niche. Take it if you can code properly and security tooling actually interests you, skip if either is missing.

Pick this if
  • You can write maintainable Python and read someone else's without complaining
  • You enjoy turning manual workflows into reproducible ones
  • You're patient with vendor APIs that lie
  • You like being measured on time saved, not tickets closed
Skip this if
  • You see SOAR as a checkbox rather than a software project
  • You don't enjoy maintaining what you build long after it's interesting
  • You haven't done security ops work yourself, you'll automate the wrong things
What "doing well" looks like in the seat
  • Your playbooks survive personnel changes in the SOC
  • Analysts ask for changes rather than working around your automation
  • You can quantify hours returned to the team each quarter
  • Your code passes review from the platform team, not just the security team
The bit you're probably underestimating

The market is shallow and the title varies wildly. At one org you'll be a senior engineer reporting into security with real autonomy, at another you'll be the SOAR person who tweaks playbooks the vendor shipped. Interview for who owns the code, what languages they actually write in, and how much of the automation is real software versus drag-and-drop. If it's mostly drag-and-drop, your skills won't travel.

Tradeoffs at a glance

Hover any chip for the calibrated meaning. Ratings are directional, not absolute.

Promotion ceiling

Moderate to high. Often a stepping stone to detection or platform sec.

Who actually gets in
  • +Senior SOC who codes
  • +Detection Engineer
  • +DevSecOps
Common misconceptions
  • That it's a junior role. Needs real Python and security domain knowledge.

Where this leads

  • Detection Engineering
  • DevSecOps
  • Platform Security

Tech you'll see

  • Python
  • Logic Apps

Pathways that pass through here

The serious next step

You've read about the role. The harder question is whether it's the right one for you.

A Career Verdict is the written, practitioner-authored call on your specific route into and out of this role. Six primitives, same format every time.

Plateau zone
The flat year nobody warns you about, named and timed.
Reality vs Fantasy
Your actual five-year curve against the one you've been sold.
What to sit and what to skip
Each cert on your list: useful, optional, or skip, with reasons.
The call
A single written judgment on whether your plan holds up.
Tradeoff spectrum
What you're giving up for what you're choosing, plotted.
Decisive factors
The two or three things that will actually make or break this.
See what a Career Verdict looks like£25 · one verdict, yours to keep

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.

All roles