As a key member of the Security Operations team, the Automation and Detection Engineer will support our Security Operations automation efforts and SIEM administration. The Engineer is responsible for automation, SIEM administration, and detection engineering, and will lead automation efforts and the detection content life cycle. Candidates must show willingness to learn, have strong self-directed work habits, and demonstrate initiative, drive, creativity, self-assurance, and professionalism. Excellent teamwork skills are necessary.
ESSENTIAL FUNCTIONS:
Responsibilities:
- Act as the primary detection engineer. Lead identification and implementation of detection and automation of response playbooks.
- Perform daily SIEM administration, tuning, troubleshooting and strategy.
- Work with our automation platform to automate incident response tasks and IT tasks.
- Augment incident response processes with artificial intelligence technologies.
- Perform offensive adversary simulation exercises to validate existing detection content and develop new content.
- Deliver KPIs to measure the effectiveness of automation and security content.
- Perform other security duties as necessary.
- Represent the Company in a professional manner at all times. Consistently maintain a professional, courteous attitude when dealing with residents, coworkers, and the general public.
The Company may revise this job description from time to time as business needs require. It is not intended to be an exhaustive listing of all the functions of the job, nor limit the Company's right to assign other functions to an employee in this position. This job description does not constitute a written or implied contract of employment.
JOB QUALIFICATION REQUIREMENTS:
Technical skills requirements:
- 5-8 years of experience as a security engineer.
- Strong incident response background.
- Experience with bug bounty programs.
- Experience with SOAR automation tools, IT automation, and custom automation methods.
- Strong knowledge of SIEM administration, tuning, and troubleshooting.
- Scripting languages such as Python, PowerShell, or Bash for automating repetitive tasks.
- Understanding of common enterprise technologies and their logging capabilities, including cloud platforms.
- Basic understanding of DevSecOps and SDLC methods, tooling, and processes.
- Well-versed in security operations, cyber security monitoring, intrusion detection, and secured networks.
Qualifications:
- Strong understanding of security orchestration, automation, and response (SOAR).
- Must demonstrate strong analytical and problem-solving skills.
- Ability to work independently with minimum supervision and handle multiple tasks simultaneously.
- Detail-oriented and conscientious, producing thorough and accurate analysis.
- Process-oriented, with the ability to clarify objectives, evaluate options, consider implications, assess risks, and make key decisions.
- Excellent interpersonal and facilitation skills along with effective communication (both written and verbal) skills.
- Good planning and problem-solving skills.
- Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent projects.
- Ability to convey network concepts and issues to both technical and non-technical audiences.
- Demonstrated ability to write with clarity and accuracy.