Security and Automation & Detection Engineer
Integrated Resources - new york city, NY
Apply NowJob Description
s an Automation and Detection Engineer, you will play a critical role in enhancing our organization's security posture by automating security processes and developing advanced threat detection capabilities. You will combine technical expertise in scripting, automation, and security analysis to streamline operations, improve efficiency, and proactively identify and mitigate cyber threats. Responsibilities utomation: • Design, develop, and implement automated solutions for various security tasks, including threat detection, incident response, and vulnerability management. • Utilize scripting languages (Python, PowerShell, etc.) and automation tools (Ansible, Jenkins, etc.) to create efficient and scalable automation workflows. • Integrate automation solutions with existing security tools and platforms. • Collaborate with security stakeholders to gather requirements and identify opportunities for automation. • Analyze requirements and translate them into technical specifications for automation solutions. • Prioritize automation projects based on business impact and security risk. • Monitor the performance and availability of automation platforms and tools. • Troubleshoot and resolve issues to ensure platform uptime and reliability. • Optimize automation workflows to improve efficiency and reduce manual effort. • Develop and maintain integrations with various APIs to automate data collection, analysis, and response. • Ensure API integrations are secure, reliable, and compliant with security best practices. • Thoroughly test automation scripts and workflows to identify and fix errors. • Develop test cases to ensure the accuracy and reliability of automation solutions. • Conduct performance testing to optimize automation processes. Detection Engineering: • Develop, test, and deploy high-fidelity detection rules and signatures • Tune and optimize detection rules to reduce false positives and negatives • Conduct regular reviews of detection coverage and identify gaps • Perform threat hunting and incident response activities • Create and refine alerts to prioritize critical security events • Develop automated response actions to mitigate threats efficiently • Collaborate with security operations teams to improve incident response times • Develop and maintain key performance indicators (KPIs) to measure the effectiveness of detection capabilities • Generate regular reports on threat trends and security posture • Contribute to the development and maintenance of security standards and best practices • Participate in security reviews and audits • Stay up-to-date on the latest security threats and vulnerabilities Quals-- • Must have experience with XSOAR and Splunk. • Strong understanding of security principles, threat intelligence, and attack methodologies • Proficiency in scripting languages (Python, PowerShell, etc.) and automation tools. • Experience with API integration and RESTful APIs • Knowledge of cloud technologies (AWS, Azure, GCP) • Strong problem-solving and analytical skills • Excellent communication and collaboration skills • Experience with security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) platforms • Knowledge of cloud security and cloud-native technologies
Created: 2024-11-09