Hello,
A good explanation of [ksoftirqd/0] process is explained here, thus my assumptions are that you pass a lot of traffic over IPsec tunnel, or encryption algorithms of your configuration are rather computationally expensive. Or there are additional services running within the device.
I would suggest to check, if enabling the following helps to reduce CPU load. Login to the WebUI, navigate to Network -> Firewall -> General settings. Under ROUTING/NAT OFFLOADING section, enable Software flow offloading setting. Save & apply.
If you have created any custom firewall rules, you can also review their ordering Network -> Firewall -> Traffic rules, to have the drop/reject rules at the top, in order to reduce time, taken to process packets matching them.
Best regards,