Information Security

Detection & Automation Engineer

IL, Netanya (Hybrid)

Description

We are looking for a highly skilled Detection & Automation Engineer to act as the technical cornerstone of our newly expanding 24/7 Security Operations Center. In this role, you will lead the detection engineering efforts across our entire corporate, large-scale cloud infrastructure, and core product telemetry, while playing a pivotal role in evaluating, deploying, and building our first SOAR platform.

If you are an action-oriented builder who loves writing high-fidelity detection rules, integrating APIs, automating manual SecOps tasks, and architecting data pipelines from the ground up, this role is for you.

Responsibilities

  • Drive SOAR Implementation: Lead the POC, selection, and deployment of a modern SOAR platform. Build the API connectors and Python-based playbooks to automate the triage and incident containment.
  • Own the SIEM: Lead data ingestion, parsing, and CIM mapping for our corporate infrastructure, cloud, and product telemetry.
  • AI-Driven Automation: Integrate AI and LLM capabilities into SOAR workflows and automation scripts to accelerate alert triage, summarize complex threat data, and streamline incident response.
  • Advanced Detection Engineering: Translate complex threat intelligence and 3rd-party IR logic into native, high-fidelity alerts inside the SIEM and application logging platforms.
  • Continuous Tuning: Work closely with the SecOps Analysts in a continuous feedback loop to tune out False Positives and ensure alert fatigue is minimized.
  • Architectural Integration: Ensure seamless log flow and webhook integrations between infrastructure, SIEM, and our security stack.
Requirements

  • 3+ years of hands-on experience in Detection Engineering, SecOps, or Security Automation roles.
  • Proven experience building playbooks in SOAR platforms (e.g., XSOAR, Tines, Torq, Splunk SOAR, n8n).
  • Strong scripting skills (Python, Bash) and deep experience interacting with REST APIs to connect disparate security tools.
  • Deep technical expertise in Splunk (SPL, Dashboards, Data Models, CIM mapping, and alert creation).
  • Solid understanding of Cloud Security (AWS or GCP) and containerized environments (Kubernetes). Experience analyzing cloud-native logs (CloudTrail, VPC Flow logs, etc.).
  • Excellent analytical and troubleshooting skills, with a "builder" mentality—the ability to take a process that is currently done manually or does not exist, break it down logically, and automate it end-to-end.