CBO - Automation Engineer

cFocus Software Incorporated, Washington, DC
Remote

About The Position

cFocus Software is seeking an Automation Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote and requires a Public Trust clearance.

Requirements

  • Active Public Trust clearance
  • B.S. Computer Science, Information Technology, or a related field
  • 5+ years of experience in cybersecurity engineering, automation, or SOAR development
  • Hands-on experience with Microsoft Sentinel and Azure Logic Apps
  • Experience integrating Microsoft Defender XDR (Endpoint, Identity, Cloud)
  • Strong scripting skills (Python, PowerShell, or similar)
  • Experience with API integrations and automation frameworks
  • Knowledge of incident response workflows and SOC operations
  • Understanding of MITRE ATT&CK and detection engineering
  • Experience with cloud environments (Azure, AWS)

Nice To Haves

  • GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
  • Microsoft Sentinel or Microsoft security platform certifications
  • Relevant cloud security certifications (e.g., AWS security)
  • Privacy certifications (e.g., CIPP/US, CIPM) where applicable

Responsibilities

  • Design, develop, and maintain SOAR playbooks using Microsoft Sentinel (Logic Apps)
  • Automate incident response workflows (phishing, malware containment, credential compromise, endpoint isolation)
  • Integrate Sentinel with Microsoft Defender XDR and other security tools (identity, endpoint, network, cloud)
  • Develop custom automation workflows and enrichment pipelines
  • Ensure automation aligns with Sentinel data model and schema normalization requirements
  • Maintain audit logging, chain-of-custody, and compliance controls within automated workflows
  • Support automation for alert triage, ticketing, and escalation processes
  • Perform continuous improvement of playbooks based on incident trends and threat intelligence
  • Provide quarterly tabletop exercises and playbook validation
  • Develop reporting on automation effectiveness (MTTD, MTTR improvements)
  • Collaborate with SOC analysts and engineers to operationalize automation use cases