SOAR Automation Engineer/GenAI Engineer

Who We Are

At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward - always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities.

The Role

Key Responsibilities

1. SOAR Automation Development

• Design, build, and maintain automation playbooks in Azure Logic Apps for triage, enrichment, containment, and remediation workflows.
• Integrate playbooks with third-party tools such as ServiceNow, Jira, Microsoft Teams, Slack, and email gateways for seamless orchestration.
• Create manual and automated triggers for alerts and incidents originating from Microsoft Sentinel and related platforms.
• Manage and refine automation rules to orchestrate multi-step, conditional responses across correlated analytics rules.
• Develop custom connectors and APIs to extend automation capabilities across cloud and on-prem environments.
• Maintain source control, versioning, and documentation for all playbooks and automation artifacts.
• Collaborate with SOC Analysts, Detection Engineers, and Platform Owners to align automations with operational priorities and security SLAs.

• Participate in SOC transformation workshops to identify automation opportunities, process bottlenecks, and SLA improvements.
• Work with SOC leadership to define and refine KPIs related to Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), ticket volume reduction, and manual intervention rates.
• Contribute to continuous improvement cycles by analyzing automation performance, user adoption, and incident outcomes.
• Support audit and governance reviews by maintaining compliance-ready automation documentation.

• Design and maintain real-time, interactive Power BI dashboards providing end-to-end visibility into SOC operations, incident trends, and performance metrics.
• Build CXO-level and SOC lead dashboards using Power BI Service and Desktop, integrating data from:
  
  
  • Microsoft Sentinel (Incidents, Alerts)
  • Azure Monitor / Log Analytics
  • Kyndryl Bridge, ServiceNow, and other telemetry sources.
• Implement predictive analytics and anomaly detection layers using GenAI and ML models to forecast risk and detect outliers.
• Automate data refreshes, alerting, and scorecards to support SLA and KPI tracking.
• Collaborate with governance and operations teams to define data models, DAX measures, and visual standards for SOC reporting.

• Design and embed GenAI-powered workflows into SOC processes for incident summarization, automated RCA generation, and contextual threat response.
• Co-develop AI-driven playbooks and prompt templates that continuously learn and adapt based on incident data.
• Use Microsoft Copilot Studio, Copilot Agents, and Kyndryl Bridge AI services to enable autonomous detection and response orchestration.
• Develop conversational interfaces and chatbot visual layers within Power BI and SOC portals for interactive, AI-guided analytics.
• Ensure AI systems follow Responsible AI practices, including explainability, fairness, and human-in-the-loop controls.
• Work closely with Data Scientists and AI Engineers to align GenAI capabilities with SOC goals and regulatory standards.

• Partner with SOC Leads, Incident Managers, and Content Developers to integrate automation with existing playbooks and IR procedures.
• Collaborate with Platform Engineers to maintain high performance and availability of SOAR and analytics systems.
• Contribute to SOC governance meetings, sharing insights on automation KPIs, GenAI outcomes, and CSI (Continual Service Improvement) recommendations.
• Maintain alignment between automation/AI initiatives and business objectives, cybersecurity frameworks, and compliance requirements.

• 6-10 years of experience in SOC Operations, Automation, or AI Engineering, preferably in large-scale or MSSP environments.
• Proven hands-on expertise in:
  
  
  • Microsoft Sentinel SOAR and Azure Logic Apps
  • Power BI (Service, Desktop, DAX, and Power Query)
  • Azure Functions, REST APIs, and KQL (Kusto Query Language)
  • Microsoft Copilot, Azure OpenAI, or Kyndryl Bridge AI for GenAI integrations
  • ServiceNow / Jira / Teams / Slack APIs for workflow automation
• Experience with incident lifecycle automation, SIEM-to-ITSM integration, and multi-step orchestration.
• Familiarity with predictive analytics, anomaly detection, and GenAI prompt engineering.
• Strong understanding of SOC metrics, SLAs, and KPI tracking.
• Knowledge of data visualization, model monitoring, and AI ethics principles.