About Ekco

🚀 Founded in 2016, Ekco has quickly become one of Europe’s fastest-growing cloud solution providers and your trusted security-first Managed Service Provider.
IT leaders choose Ekco to drive operational efficiency, scale smarter and stay ahead of risk – powered by local expertise, delivered at European scale.

We specialise in helping organisations advance their cloud maturity guiding transformation, strengthening security, and maximising the value of their technology investments.

☁️ In simple terms: we help organisations modernise with confidence securing their systems, optimising their cloud, and keeping them resilient in a rapidly changing world.

🌍 Today, we’re a thriving team of 1,000+ talented and supportive colleagues across the UK, Ireland, Benelux, South Africa, and Malaysia—and we’re continuing to grow.

At Ekco, how we work matters as much as what we deliver. Our people live by four core values that shape everything we do:

• On It: We take ownership, follow through, and get things done.

• All In : We collaborate, support each other, and commit fully to shared goals.

• Connected: We build trusted relationships with colleagues, clients, and partners.

• Hungry to Grow: We stay curious, keep learning, and push ourselves to the next level.

🏠If these values resonate with you, you’ll feel right at home here.

The Role

Day-to-day at Ekco:

Working as a Cyber Workflow Developer within our SecOps Professional Services team, you will be at the core of delivering intelligent automation and workflow transformation services to our clients. You will be responsible for designing, building and maintaining security playbooks for our clients using workflow automation and SOAR technologies, with a view to continuously enhancing how security teams operate. This role requires experience of technical SOAR or workflow automation development, automation design, and workflow process insight.

You’ll work closely with client stakeholders, workflow analysts and operations teams to identify repetitive and manual tasks, then use automation platforms to streamline, enrich and orchestrate responses. The role goes beyond building playbooks — it’s about enabling sustainable, auditable and transformational change within cyber operations environments

What you’ll be responsible for:

As an Ekco Cyber Workflow Developer, you will play a key role in:

· Designing, building, and maintaining workflow and SOAR playbooks and automation, with a focus on high-impact, scalable outcomes.

· Collaborating with operations teams to understand and map current-state operational workflows and design efficient, future-state automated processes.

· Developing integrations with third-party tools, threat intel platforms, SIEMs, and APIs to support seamless orchestration.

· Supporting the continuous improvement of playbook performance through iterative development, testing and refinement.

· Conducting thorough testing and simulation (unit and regression) to ensure reliable, auditable playbook execution.

· Reviewing technical configurations across automation platforms and dependent systems to ensure consistency with workflow design.

· Creating and maintaining detailed documentation, including architecture diagrams, workflow maps, and operational playbook descriptions.

· Designing reporting and metric dashboards to demonstrate ROI and adoption of automation workflows.

· Identifying opportunities for new automation use cases and contributing to the long-term roadmap for client automation evolution.

About You

· Demonstrable experience designing and developing playbooks in a SOAR or workflow automation platform (Chronicle SOAR, Tines, Torq, FortiSOAR, etc.).

· Strong scripting skills (Python etc.), with the ability to create modular, scalable automation logic.

· Good understanding of alert and incident triage workflows within a SOC or similar environment.

· Familiarity with common cyber security tools and concepts, including SIEMs, EDRs, firewalls, ticketing systems, and threat intelligence.

· Experience integrating workflow automation tools with APIs, webhooks, and other data sources.

· Excellent communication and stakeholder engagement skills, with an ability to explain complex workflows in a clear and logical manner.

· Strong attention to detail and commitment to operational reliability.

The Desirables

· Direct experience using vendor attached workflow automation (Such as Crowdstrike Fusion etc)

· Proficiency in PowerShell or JavaScript for use in multi-language environments.

· Knowledge of MITRE ATT&CK, incident response frameworks, and security operations maturity models.

· Familiarity with reporting and dashboarding using platforms such as Kibana, Power BI, or similar.

· Understanding of compliance and audit requirements related to automated response and workflow documentation.

· Relevant industry certifications (e.g., SOAR vendor certs, GCIH, GCFA, or equivalent

Benefits / Perks

• ☀️ Time Off: 25 days annual leave + public holidays
• 🎂 Birthday Leave: One extra day off to celebrate
• 💰 Company Pension Scheme
• 📞 Employee Assistance Programme (EAP) for wellbeing support
• 🏃‍♀️ EkcOlympics: Global team activity challenges
• 📚 Unlimited access to Pluralsight for continuous development
• 🌱 Real opportunities to grow, including international progression

Why Ekco

• ⭐️ Microsoft’s 2023 Rising Star Security Partner of the Year
• 🚀 First Irish Microsoft MSP to achieve all four Microsoft Security Specializations
• 🏅 Ranked 4th fastest-growing technology company in the Deloitte Fast50 Awards
• 🌈 A culture rooted in diversity, equality, inclusion & belonging
• 🎉 A commitment to internal mobility and career progression
• ✨ Flexible, family-friendly working at the heart of our culture
• 🔐 Proud to be your trusted security-first Managed Service Provider chosen by IT leaders to drive operational efficiency, scale smarter and stay ahead of risk.