Sr. Third Party Automation Security Engineer

About The Position

Requirements

• Bachelor’s degree or equivalent education, training, and work-related experience.
• Minimum of 7 years of experience in security engineering or related cybersecurity roles.
• Deep specialized knowledge in cybersecurity principles, theories, and concepts.
• Proven experience in software development lifecycle security practices.
• Deep knowledge of threat modeling, security testing, and penetration testing.
• Experience implementing and managing complex information security technologies.

Nice To Haves

• Experience integrating Archer, ServiceNow GRC, SecurityScorecard, BitSight, or RiskRecon.
• Knowledge of MITRE ATTACK and detection engineering concepts.
• Experience automating SaaS security actions (token revocation, session termination).
• Familiarity with External Attack Surface Management (EASM) tools.

Responsibilities

• Designs and implements advanced cybersecurity solutions that protect critical assets within the job area, contributing to the technical approach for complex implementations while aligning to established strategies and patterns.
• Performs and enhances threat modeling, security testing, and penetration testing for high-risk platforms and services in scope, applying innovative techniques to uncover and remediate significant vulnerabilities.
• Integrates and configures information security technologies in production environments, defining and improving configuration patterns, automation, and handoff processes for the assigned domain.
• Serves as a key technical point of escalation for challenging security issues, diagnosing recurring problems and creating reusable solutions that improve how the team operates.
• Assesses emerging security threats, tools, and architectural options, and provides recommendations that shape technical plans, priorities, and goals for the job area.
• Collaborates with product and engineering teams to apply modern security architecture, secure by design practices, and governance controls throughout the local development lifecycle.
• Develops and maintains security baselines, guardrails, and control patterns for systems and applications in the area of responsibility, contributing to approaches that support regulatory and policy compliance.
• Leads the technical execution of major incident response and forensic activities within the job area, coordinating tasks, leveraging tooling effectively, and suggesting improvements to playbooks and processes.
• Provides guidance, coaching, and technical training to other security engineers, leading code and design reviews and sharing best practices that elevate team capability.
• Leads large or complex security engineering initiatives within the job area, delegating work to lower level technical professionals, reviewing outputs, and ensuring delivery meets agreed objectives.
• Design, build, and maintain integrations between XSOAR and platforms such as Archer (or other GRC tools), SecurityScorecard (or similar vendor risk tools), and SIEM solutions such as Splunk.
• Develop custom connectors and API-based integrations where native connectors do not exist.
• Normalize, enrich, and correlate data from third-party and external risk sources for operational use.
• Build alerting logic for vendor-related threats including vendor breaches, risk score degradation, SaaS abuse, and exposure of vendor-managed assets.
• Correlate vendor risk signals with internal telemetry to determine potential business impact.
• Enable SOC workflows for third-party-related detections.
• Design and implement SOAR playbooks to triage, enrich, and respond to vendor-related alerts.
• Automate response actions such as token revocation, access suspension, ticket creation, and stakeholder notification.
• Maintain and optimize playbooks to reduce manual effort and mean time to respond (MTTR).
• Partner with SOC, Vendor Risk, Threat Modeling, and Detection Engineering teams to translate risk scenarios into automation logic.
• Document integrations, workflows, and playbooks.
• Monitor performance and reliability of SOAR automations.

Benefits

• medical
• dental
• vision
• life insurance
• disability
• accidental death and dismemberment
• tax-preferred savings accounts
• 401k plan
• 10 days of vacation
• 10 sick days
• paid holidays