Job Description

Key Responsibilities
• Design and implement security automation workflows for alert ingestion, enrichment, triage, and response
• Develop scripts and playbooks to reduce manual effort and improve incident response efficiency
• Integrate SIEM, SOAR, and security tools with case management and ticketing systems
• Enhance detection capabilities by incorporating threat intelligence into pipelines
• Support detection rule lifecycle management including tuning, validation, and deployment
• Troubleshoot and optimize automation processes to reduce false positives and improve signal quality
• Collaborate with SOC, Security Engineering, and IT teams to translate requirements into automation solutions
• Contribute to development of automation standards, documentation, and runbooks
• Identify opportunities to improve processes, tooling, and detection coverage
• Act as a technical resource and provide guidance to less experienced team members
Required Skills
• Strong experience in security automation, detection engineering, or SOC operations
• Hands-on experience with SIEM platforms and alerting frameworks
• Proficiency in scripting/programming (e.g., Python, PowerShell)
• Experience integrating systems via APIs and automation pipelines
• Understanding of cybersecurity frameworks (e.g., MITRE ATT&CK)
• Knowledge of incident response processes and threat detection methodologies
• Strong analytical and problem-solving skills
• Ability to independently execute on complex technical tasks

Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field
• 5–8 years of experience in cybersecurity, security engineering, or related discipline
• Experience working in a Security Operations Center (SOC) or similar environment
• Familiarity with SOAR platforms and automation playbooks
• Experience with cloud environments (AWS, Azure, or GCP) preferred
• Knowledge of Infrastructure as Code (e.g., Terraform, Ansible) preferred
• Relevant certifications (e.g., Security+, GIAC, CISSP – Associate or progress toward certification) preferred

Key Performance Indicators (KPIs)
• Short-Term Outcomes (3–6 months)
• Automate ≥20–30% of repetitive SOC workflows or alert triage tasks
• Reduce average incident triage time by 15–25% through automation enhancements
• Successfully deploy 3–5 new automation playbooks integrated with SIEM/SOAR tools
• Improve alert enrichment coverage to ≥80% of prioritized use cases
• Long-Term Outcomes (6–12+ months)
• Reduce false positive rate in key detection pipelines by 25–40%
• Increase automated incident response coverage to ≥50% of common use cases
• Achieve measurable reduction in Mean Time to Respond (MTTR) by 20–30%
• Expand detection coverage aligned to MITRE ATT&CK across critical threat vectors
• Functional Excellence Metrics
• Technical Delivery
• Automation reliability ≥95% success rate across workflows
• Number of scalable automation solutions adopted across teams
• Operational Efficiency
• Reduction in manual workload hours for SOC analysts
• Number of integrations implemented across security tools and platforms
• Collaboration & Influence
• Stakeholder satisfaction with automation solutions and responsiveness
• Contributions to documentation, standards, and team knowledge sharing

• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or related field with 8-10 years of relevant experience