Sr. Security Engineer II - Security Automation, AI & Orchestration

CDW

About The Position

At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It’s why we’re coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we’re headed. We’re proud to share our story and Make Amazing Happen at CDW. Job Summary Design intelligent cyber defense. Automate response. Let security act at machine speed. The Senior Security Engineer II – Security Automation, AI & Orchestration is a hands‑on, high‑impact role within the Enterprise Defense & Automation (EDA) team. You will engineer automation‑first, AI‑assisted security capabilities that transform detection signals into real-time, policy‑driven response and control actions. This role sits at the intersection of AI‑enabled security engineering and SOAR platforms. You’ll help evolve security operations from “alert and investigate” to detect, decide, and act—reducing risk through scalable, resilient, and self‑healing automation. This is a builder and problem‑solver role. You’ll design and implement SOAR workflows, detection logic, and automated response playbooks, integrating AI/ML‑driven insights to improve signal fidelity, decisioning, and response outcomes across detection, response, and control planes. Your work will directly influence how threats are prevented, contained, and remediated at scale. Success in this role requires strong security fundamentals, fluency across modern security platforms, and the ability to deliver production‑grade automation that operates reliably in real-world, adversarial environments. If you’re passionate about engineering intelligent security systems that think, respond, and defend autonomously, this role puts you at the forefront of modern cyber defense.

Requirements

Bachelor’s degree and 7+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles, OR 11+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles.
Strong experience with security automation, orchestration, or SOAR platforms.
Proficiency in Python and/or PowerShell for production‑grade automation.
Designing secure, observable, and maintainable AI‑enabled solutions
Hands‑on experience with SIEM/XDR platforms and cloud‑scale security tooling.
Practical working knowledge of the MITRE ATT&CK framework and mapping detections to controls.

Nice To Haves

Built automation for large, diverse enterprise environments, a plus.
Familiarity with platforms such as Microsoft Defender, Microsoft Sentinel, CrowdStrike, Palo Alto XSOAR/XSIAM, Azure AD/Entra ID, Splunk, a plus.
Experience with CI/CD pipelines, infrastructure‑as‑code, and policy‑as‑code, a plus.
Background in detection engineering, threat hunting, or incident response, a plus.
Relevant certifications (GCIH, GCFA, Azure Security, cloud or automation certifications), a plus.

Responsibilities

Design, build, and maintain automation workflows that move security from detect and notify to detect, decide, and act.
Engineer reusable automation services and playbooks across identity, endpoint, network, cloud, and SaaS control planes.
Implement guardrails for automation and AI-assisted capabilities (confidence thresholds, blast‑radius controls, rollback mechanisms).
Develop custom integrations using Python, PowerShell, APIs, AI prompts, and event‑driven architectures.
Design, build, maintain automation workflows, and AI-assisted capabilities that move security from detect and notify to detect, decide, and act.
Engineer reusable automation services and playbooks across identity, endpoint, network, cloud, and SaaS control planes.
Implement guardrails for automation and AI-assisted capabilities (confidence thresholds, blast‑radius controls, rollback mechanisms).
Develop custom integrations within the security stack.
Partner with the Cyber Defense Engineering and Response team to integrate high-quality signals suitable for automation.
Map MITRE ATT&CK techniques to controls and automated responses once, then reuse globally.
Orchestrate cross‑pillar responses (e.g., Identity → Endpoint → Network → Response).
Ensure automation outcomes are measurable, auditable, and resilient.
Embed security controls into CI/CD pipelines for Enterprise Defense & Automation authored content.
Use policy-as-code, automate testing processes, and establish security gates that quickly block issues.
Eliminate repeat findings through native auto‑remediation patterns
Build automation that detects and corrects unsafe platform states without human intervention.
Develop self‑healing scenarios such as Risky identity state: restrict, rotate, expire, Endpoint degradation: auto‑repair or isolate, Control drift: rollback to known‑good state.
Collaborate closely with Cyber Security platform owners, Threat Detection Response analyst, Business Unit owners
Contribute to shared backlogs and design reviews with clear ownership boundaries.
Document automation patterns, standards, and engineering decisions.