Title: Technical Lead-Cybersecurity
Job Description: Automation / Orchestration / Security Engineer
Fulltime
Remote
Position Overview
The Automation / Orchestration / Security Engineer designs, builds, and maintains automation and orchestration solutions that improve security outcomes, reduce manual effort, and increase reliability across security operations and engineering. This role partners with Security Operations, Incident Response, IT, and Platform/Cloud teams to integrate tools, standardize workflows, and implement measurable, auditable security automation.
This position is hands-on and requires strong engineering fundamentals, security domain knowledge, and an automation-first mindset. The engineer will build integrations, develop playbooks/runbooks, and help mature detection-to-response processes with a focus on scalability, safety, and governance.
Key Responsibilities
Own the design and delivery of security automation and orchestration capabilities that improve response time, consistency, and quality across security workflows.
- Develop and maintain SOAR playbooks for alert triage, enrichment, containment, and remediation.
- Build and manage automation integrations with security tooling (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) using APIs, webhooks, and event-driven architectures.
- Create reusable automation components (scripts, libraries, templates) with appropriate error handling, retries, logging, and observability.
- Collaborate with SOC analysts and Incident Response to translate procedures into automated runbooks; ensure safe execution with approval gates where needed.
- Design automation with governance: role-based access controls, change management, auditability, and documentation.
- Partner with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation).
- Support incident response by developing rapid automation for containment and evidence collection (while maintaining chain-of-custody and logging requirements).
Required Qualifications
Candidates must demonstrate strong automation engineering skills, comfort working with APIs and distributed systems, and practical security knowledge relevant to modern enterprise environments.
- 3+ years of experience in automation engineering, security engineering, security operations engineering, or a related role.
- Proficiency in at least one scripting/programming language (Python preferred; PowerShell or JavaScript also acceptable).
- Experience with automation and orchestration tools such as Ansible, Itential, Aria Orchestrator, or a similar product.
- Hands-on experience designing and implementing automation using APIs (REST/JSON), webhooks, and authentication methods (OAuth2, tokens, mutual TLS).
- Working knowledge of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling).
- Strong understanding of core security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals.
- Experience with Git-based workflows and software engineering practices (code review, branching strategies, testing).
- Ability to document solutions clearly (runbooks, diagrams, operating procedures) and communicate effectively with technical and non-technical stakeholders.
Preferred Qualifications and Technical Skills
- Experience with vulnerability management automation (ticketing workflows, remediation tracking, exception handling, SLA reporting).
- Cloud platform experience (AWS, Azure, and/or GCP), including security services and identity models.
- Familiarity with container and Kubernetes security.
- Experience integrating with EDR/XDR tools and automating response actions (isolation, kill process, quarantine).
- Familiarity with ITSM and workflow tools (ServiceNow, Jira) and structured change management.
Success Criteria, Working Relationships, and Additional Information
Success in this role is measured by increased automation coverage, reduced manual toil, improved response timelines, and safe, reliable orchestration with strong governance and auditability.
- Deliver high-impact playbooks that measurably reduce MTTA/MTTR and analyst workload.
- Ensure automations follow least-privilege and change-control requirements; maintain strong logging and traceability.
- Partner effectively with SOC, IR, IT, and Cloud/Platform Engineering to align workflows and implement remediation actions safely.
- Create clear documentation and knowledge transfer materials to enable operational ownership and scale.
- Uphold secure coding practices and ensure automation cannot be abused (input validation, permission boundaries, approval steps).