Sr. Security Engineer I
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field with 8-10 years of relevant experience
Key Responsibilities
Design and implement security automation workflows for alert ingestion, enrichment, triage, and response
Develop scripts and playbooks to reduce manual effort and improve incident response efficiency
Integrate SIEM, SOAR, and security tools with case management and ticketing systems
Enhance detection capabilities by incorporating threat intelligence into pipelines
Support detection rule lifecycle management including tuning, validation, and deployment
Troubleshoot and optimize automation processes to reduce false positives and improve signal quality
Collaborate with SOC, Security Engineering, and IT teams to translate requirements into automation solutions
Contribute to development of automation standards, documentation, and runbooks
Identify opportunities to improve processes, tooling, and detection coverage
Act as a technical resource and provide guidance to less experienced team members
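The responsibilities above describe one pipeline: ingest alerts, enrich them with threat intelligence and asset context, triage them to a severity, suppress known false positives from rule tuning, and hand the result to a ticketing system. The following is an added example, not part of the job description and not any employer's code. Everything in it is constructed and hypothetical: the threat-intel records, the asset inventory, the allowlist entry, the rule IDs and the sample alert lines. It shows the shape of such a workflow, including the handling of a malformed input line, which a real pipeline must tolerate rather than crash on.

```python
"""Alert ingestion -> enrichment -> triage -> ticket payload (constructed data)."""
from __future__ import annotations
import json
from dataclasses import dataclass, field

# --- Constructed reference data (hypothetical values, not from any real feed) ---
THREAT_INTEL = {  # indicator -> intel record; confidence is 0-100
    "203.0.113.45": {"source": "feed-a", "confidence": 90, "tags": ["c2"]},
    "198.51.100.7": {"source": "feed-b", "confidence": 40, "tags": ["scanner"]},
}
ASSETS = {"web-01": "high", "dev-laptop-17": "low", "dc-01": "critical"}  # host -> tier
TIER_SCORE = {"critical": 4, "high": 3, "medium": 2, "low": 1, "unknown": 1}
# Tuning allowlist: (rule_id, field, value) combinations confirmed benign during rule tuning.
ALLOWLIST = {("R-1001", "user", "svc-backup")}
PRIORITY = {"critical": "P1", "high": "P2", "medium": "P3", "low": "P4"}

# Constructed SIEM export: one JSON object per line, plus one deliberately malformed line.
RAW_ALERTS = """
{"rule_id": "R-2001", "host": "web-01", "user": "www-data", "dst_ip": "203.0.113.45", "msg": "outbound connection to rare IP"}
{"rule_id": "R-2001", "host": "dev-laptop-17", "user": "alice", "dst_ip": "198.51.100.7", "msg": "outbound connection to rare IP"}
{"rule_id": "R-1001", "host": "dc-01", "user": "svc-backup", "dst_ip": "10.0.0.5", "msg": "mass file read"}
{"rule_id": "R-3003", "host": "printer-9", "user": null, "dst_ip": "10.0.0.9", "msg": "failed logon burst"}
this line is not JSON and must not break the pipeline
"""


@dataclass
class Alert:
    raw: dict
    enrichment: dict = field(default_factory=dict)
    severity: str = "low"
    disposition: str = "open"  # open | escalate | suppressed


def ingest(lines: str) -> list[Alert]:
    """Parse JSON-lines input; drop malformed lines instead of failing the whole batch."""
    alerts: list[Alert] = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(Alert(raw=json.loads(line)))
        except json.JSONDecodeError:
            continue  # in production this would be counted and logged, not silently dropped
    return alerts


def enrich(alert: Alert) -> Alert:
    """Attach threat-intel match and asset criticality to the alert."""
    raw = alert.raw
    alert.enrichment["threat_intel"] = THREAT_INTEL.get(raw.get("dst_ip"))
    alert.enrichment["asset_tier"] = ASSETS.get(raw.get("host"), "unknown")
    return alert


def triage(alert: Alert) -> Alert:
    """Suppress allowlisted combinations, otherwise score asset tier + intel confidence."""
    raw = alert.raw
    if (raw.get("rule_id"), "user", raw.get("user")) in ALLOWLIST:
        alert.severity, alert.disposition = "low", "suppressed"
        return alert
    score = TIER_SCORE[alert.enrichment["asset_tier"]]
    intel = alert.enrichment["threat_intel"]
    if intel and intel["confidence"] >= 70:
        score += 3  # high-confidence indicator: strong signal
    elif intel:
        score += 1  # low-confidence indicator: weak signal, still worth noting
    if score >= 5:
        alert.severity = "critical"
    elif score >= 3:
        alert.severity = "high"
    elif score >= 2:
        alert.severity = "medium"
    else:
        alert.severity = "low"
    alert.disposition = "escalate" if alert.severity in ("critical", "high") else "open"
    return alert


def to_ticket(alert: Alert) -> dict:
    """Build the payload a case-management/ticketing integration would POST."""
    raw = alert.raw
    return {
        "title": f"[{alert.severity.upper()}] {raw.get('rule_id')} on {raw.get('host')}",
        "priority": PRIORITY[alert.severity],
        "disposition": alert.disposition,
        "enrichment": alert.enrichment,
        "source_alert": raw,
    }


def run_pipeline(lines: str) -> list[Alert]:
    """Ingest, enrich and triage a batch of alerts in order."""
    return [triage(enrich(a)) for a in ingest(lines)]


if __name__ == "__main__":
    for a in run_pipeline(RAW_ALERTS):
        if a.disposition != "suppressed":
            print(json.dumps(to_ticket(a)))
```

The allowlist check runs before scoring on purpose: a suppressed alert never reaches the ticketing system, which is the mechanism behind the false-positive and manual-workload targets later on this page. Scoring weights and thresholds are the knobs that detection-rule tuning adjusts; keeping them as data rather than code makes that tuning reviewable.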
Required Skills
Strong experience in security automation, detection engineering, or SOC operations
Hands-on experience with SIEM platforms and alerting frameworks
Proficiency in scripting/programming (e.g., Python, PowerShell)
Experience integrating systems via APIs and automation pipelines
Understanding of cybersecurity frameworks (e.g., MITRE ATT&CK)
Knowledge of incident response processes and threat detection methodologies
Strong analytical and problem-solving skills
Ability to independently execute on complex technical tasks
Qualifications
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
5-8 years of experience in cybersecurity, security engineering, or related discipline
Experience working in a Security Operations Center (SOC) or similar environment
Familiarity with SOAR platforms and automation playbooks
Experience with cloud environments (AWS, Azure, or GCP) preferred
Knowledge of Infrastructure as Code (e.g., Terraform, Ansible) preferred
Relevant certifications (e.g., Security+, GIAC, CISSP - Associate or progress toward certification) preferred
Key Performance Indicators (KPIs)
Short-Term Outcomes (3-6 months)
Automate 20-30% of repetitive SOC workflows or alert triage tasks
Reduce average incident triage time by 15-25% through automation enhancements
Successfully deploy 3-5 new automation playbooks integrated with SIEM/SOAR tools
Improve alert enrichment coverage to 80% of prioritized use cases
Long-Term Outcomes (6-12+ months)
Reduce false positive rate in key detection pipelines by 25-40%
Increase automated incident response coverage to 50% of common use cases
Reduce Mean Time to Respond (MTTR) by a measurable 20-30%
Expand detection coverage aligned to MITRE ATT&CK across critical threat vectors
Functional Excellence Metrics
Technical Delivery
Automation reliability: 95% success rate across workflows
Number of scalable automation solutions adopted across teams
Operational Efficiency
Reduction in manual workload hours for SOC analysts
Number of integrations implemented across security tools and platforms
Collaboration & Influence
Stakeholder satisfaction with automation solutions and responsiveness
Contributions to documentation, standards, and team knowledge sharing