Sr. Security Automation Engineer

Critical Start
Hybrid

About The Position

We are seeking a Sr. Security Automation Engineer to join the Critical Start Technologies Private Ltd. team, operating under the Critical Start umbrella, for our India operations. The ideal candidate is a security engineer who moves fluidly between strategy and execution — equally comfortable designing an automation architecture and building it.

You bring 5-8 years of hands-on experience in security engineering, detection engineering, threat hunting, and automation, with a sharp focus on orchestration and integrations. You've built automation playbooks and custom integrations from the ground up using APIs, scripting, and modern programming frameworks — and you know the difference between automation that holds up in production and automation that doesn't. Python is your go-to; PowerShell or BASH in your back pocket. You understand REST APIs, JSON, and webhooks not just conceptually, but as daily tools.

You're well-versed in SIEM platforms — Sentinel, Splunk, Sumo Logic — and know how to use them for log correlation, enrichment, and automated response. You've worked across cloud environments (Azure, AWS, GCP) and have a solid grasp of cloud security automation principles. Infrastructure-as-Code concepts like Terraform and Ansible are familiar territory, and you understand how they connect to CI/CD pipelines for scalable security deployments. AI/ML in cybersecurity isn't a buzzword to you — you've applied it to real detection workflows, enrichment pipelines, and analytics problems.

Beyond the technical depth, you're a clear communicator and a strong collaborator. You know how to bring cross-functional teams along, and you're motivated by driving real innovation — not just maintaining the status quo.

This role is designated as a hybrid position. You are required to have a reliable high-speed internet connection, the ability to participate in video meetings, and a dedicated home office or private workspace suitable for professional work.
As the position involves collaboration with U.S.-based teams and clients, you will be expected to work during overlapping hours with U.S. business hours, as guided by your manager.

Requirements

  • 5–8 years of experience in security engineering, detection engineering, threat hunting and automation, with a focus on orchestration and integrations.
  • Hands-on experience developing automation playbooks and custom integrations using APIs, scripting, and modern programming frameworks.
  • Strong understanding of AI/ML technologies applied in cybersecurity analytics, enrichment, and detection workflows.
  • Experience with SIEM systems (e.g., Sentinel, Splunk, Sumo Logic) for log correlation, enrichment, and automated response capabilities.
  • Proficiency in Python (preferred); additional experience in PowerShell or BASH is beneficial.
  • Deep understanding of REST APIs, JSON, and webhooks for security data exchange and automation workflows.
  • Solid grasp of cloud security automation principles across Azure, AWS, and GCP environments.
  • Familiarity with Infrastructure-as-Code concepts (Terraform, Ansible) and CI/CD integrations for scalable security deployments.
  • Excellent problem-solving, communication, and collaboration skills with the ability to drive innovation and cross-functional alignment.

Nice To Haves

  • Bachelor’s degree in Cybersecurity, Computer Science, or a related technical field (or equivalent experience).
  • Certifications such as GIAC Security Automation Engineer (GSAE), GIAC Cloud Security Automation (GCSA), or Splunk SOAR Certified Automation Developer.
  • Experience developing and maintaining event enrichment pipelines and automated detection validation workflows.
  • Knowledge of security frameworks and methodologies such as MITRE ATT&CK, NIST, and zero-trust architecture principles.
  • Experience integrating automation and orchestration solutions into enterprise SIEM, SOAR, and endpoint security ecosystems.
  • Strong understanding of metrics-driven performance management for security automation programs.

Responsibilities

  • Architect, implement, and maintain Security Orchestration, Automation, and Response (SOAR) solutions, developing custom automation playbooks, scripts, and integrations across SIEM, EDR, ITP, DLP, IAM, and cloud environments to optimize and scale cybersecurity operations.
  • Leverage AI and ML technologies to improve event correlation, detection accuracy, and decision-making efficiency within the SOC ecosystem, integrating automation pipelines with SIEM platforms (e.g., Splunk, Sumo Logic) to enrich alerts and reduce false positives.
  • Design and maintain REST API-based integrations between security, IT, and business systems, and develop automation scripts using Python, PowerShell, or Bash to streamline investigation and remediation tasks.
  • Collaborate with SOC, Incident Response, and Threat Hunting teams to identify repetitive processes and automate triage, containment, and recovery workflows.
  • Partner with IT, Engineering, and Cloud Operations teams to integrate automated security controls into CI/CD and DevOps pipelines.
  • Create dashboards, metrics, and reporting mechanisms to measure automation efficiency, performance, and operational outcomes.
  • Maintain and document playbooks, workflows, and standard operating procedures (SOPs) to ensure repeatability, quality, and compliance, while providing technical mentorship to promote automation-first practices across security teams.
  • Collaborate with Security Engineering leadership to align automation initiatives with the organization's global cybersecurity strategy and evaluate emerging AI-driven and cloud-native security automation technologies.

Benefits

  • Competitive salary
  • Statutory PTO (Paid Time Off) policy

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Associate degree

Number of Employees

101-250 employees
