Senior Security Automation

United States

2 days ago

Job description
Seeking a senior-level security engineer responsible for designing and implementing cross-platform remediation playbooks in multi-vendor environments.

This role focuses on transforming detection signals into structured containment and recovery workflows across endpoint, identity, email, and cloud systems.

The ideal candidate thinks in behavior-driven response, not tool-specific reaction.



Core Responsibilities

Playbook Design

  • Translate detection scenarios into structured decision trees
  • Define enrichment, validation, containment, remediation, and recovery stages
  • Implement risk-based branching logic
  • Ensure playbooks are behavior-driven rather than vendor-locked


Cross-Platform Remediation

Must be capable of performing and automating containment across:

  • SentinelOne
  • CrowdStrike
  • Microsoft Defender and Microsoft 365
  • VMware Carbon Black

Remediation actions include:

  • Endpoint isolation
  • Process termination
  • Hash and indicator blocking
  • Session revocation
  • Forced credential reset
  • Removal of malicious inbox rules
  • OAuth token revocation
  • Conditional access enforcement


Automation & Orchestration

  • Integrate multiple security platforms using REST APIs
  • Build automation using Python or similar scripting languages
  • Implement structured logic with branching conditions
  • Develop guardrails to prevent unsafe automated actions
  • Normalize containment logic across different vendor platforms


Identity & Email Security Response

  • Investigate and remediate suspicious sign-in activity
  • Revoke active sessions
  • Remove malicious mail flow or inbox rules
  • Manage token abuse and OAuth misuse
  • Coordinate identity containment with endpoint containment


Multi-Tenant Operational Safety

  • Design remediation workflows that operate safely in MSP environments
  • Prevent automated actions from disrupting critical infrastructure
  • Define automation confidence thresholds
  • Implement human approval checkpoints where required


Performance & Optimization

  • Identify repetitive manual response actions suitable for automation
  • Reduce manual SOC workload
  • Improve containment speed and measurable MTTR
  • Establish remediation metrics and tracking


Required Qualifications

  • 5+ years in security operations, incident response, or security engineering
  • Hands-on experience with at least two major EDR platforms
  • Strong understanding of Microsoft 365 security and identity controls
  • Experience working with APIs and automation scripting
  • Experience building or maintaining response playbooks


Preferred Qualifications

  • Experience in multi-vendor environments
  • Experience in MSP or MSSP operations
  • Familiarity with SOAR platforms
  • Strong understanding of identity-based attack patterns
  • Ability to design vendor-agnostic remediation frameworks


What This Role Is Not

  • Not a Tier 1 alert triage position
  • Not a ticket escalation role
  • Not purely monitoring

This role builds the enforcement layer behind detection.

Contract duration of less than 1 month, with 30 hours per week.

Mandatory skills:
Digital Forensics, SOC 1, SOC 1 Report, Splunk, Elasticsearch, Cybersecurity Tool, Network Analysis, Network Security, Wireshark, Incident Response Plan, Security Analysis, Information Security, Vulnerability Assessment, NIST Cybersecurity Framework, Risk Analysis

