Security and Automation & Detection Engineer

As an Automation and Detection Engineer, you will play a critical role in enhancing our organization's security posture by automating security processes and developing advanced threat detection capabilities
You will combine technical expertise in scripting, automation, and security analysis to streamline operations, improve efficiency, and proactively identify and mitigate cyber threats.
Responsibilities
Automation:
Design, develop, and implement automated solutions for various security tasks, including threat detection, incident response, and vulnerability management.
Utilize scripting languages (Python, PowerShell, etc.) and automation tools (Ansible, Jenkins, etc.) to create efficient and scalable automation workflows.
Integrate automation solutions with existing security tools and platforms.
Collaborate with security stakeholders to gather requirements and identify opportunities for automation.
Analyze requirements and translate them into technical specifications for automation solutions.
Prioritize automation projects based on business impact and security risk.
Monitor the performance and availability of automation platforms and tools.
Troubleshoot and resolve issues to ensure platform uptime and reliability.
Optimize automation workflows to improve efficiency and reduce manual effort.
Develop and maintain integrations with various APIs to automate data collection, analysis, and response.
Ensure API integrations are secure, reliable, and compliant with security best practices.
Thoroughly test automation scripts and workflows to identify and fix errors.
Develop test cases to ensure the accuracy and reliability of automation solutions.
Conduct performance testing to optimize automation processes.
Detection Engineering:
Develop, test, and deploy high-fidelity detection rules and signatures
Tune and optimize detection rules to reduce false positives and negatives
Conduct regular reviews of detection coverage and identify gaps
Perform threat hunting and incident response activities
Create and refine alerts to prioritize critical security events
Develop automated response actions to mitigate threats efficiently
Collaborate with security operations teams to improve incident response times
Develop and maintain key performance indicators (KPIs) to measure the effectiveness of detection capabilities
Generate regular reports on threat trends and security posture
Contribute to the development and maintenance of security standards and best practices
Participate in security reviews and audits
Stay up-to-date on the latest security threats and vulnerabilities

Quals--
Must have experience with XSOAR and Splunk.
Strong understanding of security principles, threat intelligence, and attack methodologies
Proficiency in scripting languages (Python, PowerShell, etc.) and automation tools.
Experience with API integration and RESTful APIs
Knowledge of cloud technologies (AWS, Azure, GCP)
Strong problem-solving and analytical skills
Excellent communication and collaboration skills
Experience with security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) platforms
Knowledge of cloud security and cloud-native technologies