Senior Security Automation
2 days ago

Job description
Seeking a senior-level security engineer responsible for designing and implementing cross-platform remediation playbooks in multi-vendor environments.
This role focuses on transforming detection signals into structured containment and recovery workflows across endpoint, identity, email, and cloud systems.
⸻
Core Responsibilities
Playbook Design
- Translate detection scenarios into structured decision trees
- Define enrichment, validation, containment, remediation, and recovery stages
- Implement risk-based branching logic
- Ensure playbooks are behavior-driven rather than vendor-locked
Cross-Platform Remediation
Must be capable of performing and automating containment across:
- SentinelOne
- CrowdStrike
- Microsoft Defender and Microsoft 365
- VMware Carbon Black
Remediation actions include:
- Endpoint isolation
- Process termination
- Hash and indicator blocking
- Session revocation
- Forced credential reset
- Removal of malicious inbox rules
- OAuth token revocation
- Conditional access enforcement
Automation & Orchestration
- Integrate multiple security platforms using REST APIs
- Build automation using Python or similar scripting languages
- Implement structured logic with branching conditions
- Develop guardrails to prevent unsafe automated actions
- Normalize containment logic across different vendor platforms
Identity & Email Security Response
- Investigate and remediate suspicious sign-in activity
- Revoke active sessions
- Remove malicious mail flow or inbox rules
- Manage token abuse and OAuth misuse
- Coordinate identity containment with endpoint containment
Multi-Tenant Operational Safety
- Design remediation workflows that operate safely in MSP environments
- Prevent automated actions from disrupting critical infrastructure
- Define automation confidence thresholds
- Implement human approval checkpoints where required
Performance & Optimization
- Identify repetitive manual response actions suitable for automation
- Reduce manual SOC workload
- Improve containment speed and measurable MTTR
- Establish remediation metrics and tracking
Required Qualifications
- 5+ years in security operations, incident response, or security engineering
- Hands-on experience with at least two major EDR platforms
- Strong understanding of Microsoft 365 security and identity controls
- Experience working with APIs and automation scripting
- Experience building or maintaining response playbooks
Preferred Qualifications
- Experience in multi-vendor environments
- Experience in MSP or MSSP operations
- Familiarity with SOAR platforms
- Strong understanding of identity-based attack patterns
- Ability to design vendor-agnostic remediation frameworks
What This Role Is Not
- Not a Tier 1 alert triage position
- Not a ticket escalation role
- Not purely monitoring
Contract duration of less than 1 month, with 30 hours per week.
Mandatory skills:
Digital Forensics, SOC 1, SOC 1 Report, Splunk, Elasticsearch, Cybersecurity Tool, Network Analysis, Network Security, Wireshark, Incident Response Plan, Security Analysis, Information Security, Vulnerability Assessment, NIST Cybersecurity Framework, Risk Analysis