Associate Engineer, SOAR Information Security

Job Description

JOB SUMMARY

Marriott wishes to add an Associate Engineer to Cyber Analytics and Automation team for our Security Orchestration and Automated Response (SOAR) Platform. In this role you will be responsible for gathering requirements, developing, and maintaining security automations leveraging a SOAR platform and agentic AI solutions. You will also use process automation to develop advanced automation playbooks for our Cybersecurity Incident Response Team (CIRT), Vulnerability Management (VM), Insider Threat, Threat Intel, and Detection Engineering teams.

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelor's degree in Computer Sciences or related field or equivalent experience/certification

• Prior experience in technology engineering experience including:

• Proven experience with Python scripting

• Proven experience working with Splunk ES

• Proven experience in working with the Unix/Linux command line

• Familiarity with common enterprise infrastructure systems, services and concepts pertaining to: general networking, next-gen firewalls, endpoint protection, IDS, IPS, vulnerability management, Linux and Windows OS, databases, logging platforms, and SDLC concepts

• Experience with Microsoft Visio or other visual diagramming software

• Ability to identify reconcilable process or workflow inefficiencies and propose more efficient solutions that employ the use of automation

• Strong written and verbal communication skills

Preferred:

• Demonstrated experience collaborating with cross-functional cybersecurity teams to understand business and technical processes, and collection of actionable requirements that inform the design and development of SOAR automation solutions

• Hands on experience with a SOAR or other automation platform

• Hands on experience using and deploying agentic AI solutions in a professional setting

• Familiarity with AWS cloud services

• Familiarity (or greater) skill level in SQL

• Background in IT security/systems administration or IT security/systems engineering

• Working knowledge of MITRE ATT&CK, or similar incident response frameworks

• An understanding of core Agile principles

• Detail oriented work style

CORE WORK ACTIVITIES

Technical Execution:

• Support development and maintenance of automation playbooks, dashboards, reports, and metrics for Cybersecurity Operations and partners.

• Assist with monitoring and optimizing SOAR platform performance.

• Collaborate as needed to ensure SOAR implementation complies with security policies.

• Support evaluation and selection of security products for departmental needs as directed.

• Use capability modeling to help align automation implementation with business strategy

• Provide tier-3 and after-hours support in on-call rotation for SOAR-related escalations.

Collaboration and Communication:

• Works closely with Security Architecture, Security Engineering, Threat Intelligence and the Cyber Incident Response Team to help develop solutions to address emerging threats, support requested service enhancements, and to support the development of new threat detection use cases.

• Coordinates with service providers on infrastructure management and maintenance operations.

• Collaborate with Security Engineers and Architects to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate.

• Attend SCRUM and prioritization meetings to review and update deliverables.

• Maintain documentation for SOAR service management and SOPs pursuant to security and privacy policy.

Continuous Improvement:

• Support ongoing evaluation of the effectiveness of the SOAR and related platform and requisite services to identify operational improvements, reduce costs, increase performance and automate where possible.

• Help evaluate automations, and other activities to identify opportunities to optimize and reduce costs.

• Contribute to the development and refinement of detection engineering standards, workflows, and best practices.

• Following best practices pertaining to lifecycle management.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.

About Us

All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Click here to learn more.

Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.

Washington Applicants Only: Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

About the Team

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.