About The Position
As a Senior Response Automation Engineer at Elastic you will work to enhance and maintain the workflows supporting Elastic front-line defenders, assisting the team delivering safe and secure products and services to our customers, users, and fellow Elasticians. Currently, the Threat Detection and Response Team heavily relies on automation - we have developed many integrations and intelligent workflows to provide alert context, take action automatically, and more. This has resulted in significant time savings and efficiencies. Our ability to continue to enhance existing workflows and develop new ones to take us to the next level in our SOC-less journey. In this role, you will be responsible for understanding, maintaining, and improving threat detection and response processes, working on automations that support alert triage through management of response cases. If doing all of this with the Elastic Stack excites you, then we’d love to meet you!
Requirements
- At least 3 years of experience related to automation engineering in a complex, global environment. Automation experience focused on security operations / incident response is a plus.
- Experience with automating with Security Operations and Response (SOAR) tools or alternative tools supporting similar workflows. Tines experience is a plus.
- Demonstrated ability to take complex / manual processes and solve them through automation. If you’ve done this with the help of the Elastic Stack, even better!
- Demonstrated ability to think innovatively about solving critical security problems.
- Strong communication skills, with the ability to make sound decisions with limited information, and embrace challenging the status quo.
- Are eligible to work in DoD Impact Level 4 or above cloud service environments
Responsibilities
- Drive the full lifecycle of automation development, from design to maintenance, to significantly advance our threat detection and response capabilities.
- Optimize and automate core SOC/IR analyst workflows, focusing on delivering rich alert context and efficient triage processes across all detection sources, including the Elastic Detection Engine.
- Establish automated feedback mechanisms that empower the Threat Detection team to continuously refine detections, identify false positives, and uncover new enrichment and automation opportunities.
- Build and manage integrations across security tools and platforms to create seamless workflows and enhance data correlation for comprehensive threat detection and response.
- Architect and implement automated incident response playbooks for effective containment, eradication, and recovery in various threat scenarios.
- Serve as a key automation expert, partnering with security analysts and incident responders to transform manual security operations into highly efficient, automated processes.
- Innovate and document best practices for detecting, responding to, and eradicating advanced threats, focusing on reducing overall time to response.
- Ensure the integrity and effectiveness of all workflows through rigorous testing and validation.
- Collaborate strategically with Threat Detection and Response leadership to identify critical areas for enhancement and execute impactful improvement initiatives.
Benefits
- Competitive pay based on the work you do here and not your previous salary
- Health coverage for you and your family in many locations
- Ability to craft your calendar with flexible locations and schedules for many roles
- Generous number of vacation days each year
- Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
- Up to 40 hours each year to use toward volunteer projects you love
- Embracing parenthood with minimum of 16 weeks of parental leave
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
1,001-5,000 employees
