Skip to content

Five New Roles in AI-Powered Security Operations

The Bottom Line: AI-SOCs will automate routine tasks and create new specialized roles such as Data Engineer, Agent-Orchestrator, and Model-Trainer, rather than eliminating existing jobs.

Artificial intelligence will assume traditional SOC tasks while simultaneously creating new professional functions requiring specialized expertise. The classic mix of analyst roles will undergo fundamental change.

Traditional security operations centers (SOC) have operated for years based on a three-tiered analyst model: Tier 1 analysts triage alerts and monitoring, Tier 2 analysts investigate suspicious cases, Tier 3 analysts conduct threat hunting and forensics. This structure is crumbling with the emergence of AI-SOCs (agentic SOCs), with over 120 vendors now claiming market presence.

AI agents are already assuming autonomous alert triage and simple investigations: they enrich suspicious activities with context, create timelines, and suggest remediation steps – equivalent to an efficient Tier 1 analyst. In the near future, agent swarms will also assume Tier 2 tasks such as automated remediation, detection, threat hunting, and posture management.

For CISOs, this concretely means five new specialized roles: Security Data Engineers must normalize heterogeneous data sources (IAM, cloud logs, threat intelligence, SaaS applications) into unified data layers with standards such as the Open Cybersecurity Schema Framework (OCSF). AI Security Agent Orchestrators orchestrate multi-agent systems, define guardrails, configure autonomy boundaries, and connect agent-based workflows with threat intelligence. AI Model Trainers continuously update AI models with organization-specific contexts on threats, industry, and business processes.

Two additional roles follow: Prompt Engineers and Evaluators develop and refine instructions and prompts for agents as well as their evaluation criteria; Autonomous Security Systems Architects design end-to-end systems comprising agents, data flows, and human controls. All these roles require a new blend of security expertise, technical understanding of AI, and systems design.


Source: www.csoonline.com · Published June 18, 2026
Lumi AI News — AI-assisted curation according to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.

Share on: