Lead Cybersecurity Automation Engineer

About The Position

Requirements

• Genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers.
• Detail-oriented critical thinker who can anticipate issues and solve problems.
• 7+ years of experience in developing, implementing, and maintaining automated workflows, and playbooks with SOAR platforms.
• Advanced proficiency in scripting languages such as Python, PowerShell, and Bash for security automation and integration.
• Experience integrating SOAR platforms with various security tools (SIEM, EDR, etc.) using APIs and custom connectors.
• Ability to design, document and optimize automated processes and playbooks for SOC workflow.
• Strong understanding of security operations concepts, triage and investigation, including event management, log collection, and workflow orchestration.
• Excellent written and verbal communication skills for documenting automation processes and collaborating with SOC team members.
• Experience working in a collaborative environment to identify automation opportunities and implement solutions.
• Hands-on experience building, tuning, and maintaining SOC detections within SIEM platforms.

Nice To Haves

• Hands-on experience with SOAR platform administration and customization (e.g., developing custom integrations, connectors, and modules)
• Familiarity with SIEM technologies, especially in relation to automation and orchestration.
• Possesses knowledge or experience as a member of a cyber security team, enabling the identification of key focus areas.
• Experience with security product assessments and automation of product evaluation workflows.
• Experience working with LLM models.
• Industry certifications related to automation, scripting, or SOAR platforms (e.g., GCIH, GNFA, GREM, or similar).

Responsibilities

• Develop, implement, and maintain automated playbooks and workflows in the SOAR platform to streamline SOC operations.
• Integrate the SOAR with various security tools (SIEM, EDR, Email, etc.) using APIs and custom connectors.
• Automate incident triage, investigation, and response processes to reduce manual effort and improve response times.
• Collaborate with analysts and leadership to identify automation opportunities and optimize security operations.
• Maintain up-to-date knowledge of the threat landscape, security technologies and best practices.
• Build, tune, and maintain SOC detections within the SIEM, leveraging scripting and automation to ensure accurate and efficient threat detection.
• Document automation processes, playbooks, and integrations for knowledge sharing and compliance.

Benefits

• Medical
• Prescription Drug
• Dental
• Vision
• Health Savings Account
• Dependent Day Care Savings Account
• Life Insurance
• Disability and Other Insurance Plans
• Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually)
• 10 Paid Holidays
• 401(k)
• Short/Long Term Disability
• Annual discretionary incentive compensation award
• Participation in the relevant business unit’s incentive compensation plan, which also may include a discretionary bonus component