Senior CyberSecurity Automation Engineer

About The Position

Requirements

• Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers.
• This role requires a detail-oriented critical thinker who can anticipate issues and solve problems.
• 3+ years of experience in developing, implementing, and maintaining automated workflows, and playbooks with SOAR platforms.
• Advanced proficiency in scripting languages such as Python, PowerShell, and Bash for security automation and integration.
• Experience integrating SOAR platforms with various security tools (SIEM, EDR, etc.) using APIs and custom connectors.
• Ability to design, document and optimize automated processes and playbooks for SOC workflow.
• Strong understanding of security operations concepts, triage and investigation, including event management, log collection, and workflow orchestration.
• Excellent written and verbal communication skills for documenting automation processes and collaborating with SOC team members.
• Experience working in a collaborative environment to identify automation opportunities and implement solutions.
• Hands-on experience building, tuning, and maintaining SOC detections within SIEM platforms.

Nice To Haves

• Hands-on experience with SOAR platform administration and customization (e.g., developing custom integrations, connectors, and modules)
• Familiarity with SIEM technologies, especially in relation to automation and orchestration.
• Possesses knowledge or experience as a member of a cyber security team, enabling the identification of key focus areas.
• Experience with security product assessments and automation of product evaluation workflows.
• Experience working with LLM models.
• Industry certifications related to automation, scripting, or SOAR platforms (e.g., GCIH, GNFA, GREM, or similar).

Responsibilities

• Develop, implement, and maintain automated playbooks and workflows in the SOAR platform to streamline SOC operations.
• Integrate the SOAR with various security tools (SIEM, EDR, Email, etc.) using APIs and custom connectors.
• Automate incident triage, investigation, and response processes to reduce manual effort and improve response times.
• Collaborate with analysts and leadership to identify automation opportunities and optimize security operations.
• Maintain up-to-date knowledge of the threat landscape, security technologies and best practices.
• Build, tune, and maintain SOC detections within the SIEM, leveraging scripting and automation to ensure accurate and efficient threat detection.
• Document automation processes, playbooks, and integrations for knowledge sharing and compliance.

Benefits

• Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees.