Overview
Skills
Job Details
Job Role -
Hybrid - Seattle WA
Contract - W2 role
Job Description
The Cyber Detection & Automation Engineer will be responsible designing, developing, and maintaining advanced threat detection logic and workflow automations across our security tools and platforms. You will work closely with SOC analysts, threat intelligence, and incident response commanders to ensure proactive and accurate detection of malicious activity in our environment.
Design, implement and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g. Sentinel, Defender, AWS, etc.) to improve efficiency and accuracy.
Monitor and tune alerts to reduce false positives and improve signal-to-noise ratio.
Regularly test and validate detection content to ensure its effectiveness and accuracy.
Create documentation and knowledge transfer materials for detections and engineering processes.
Perform gap analysis and continuously improve detection coverage, accuracy, and resilience.
Design and develop security automations workflows using SOAR (Security Orchestration, Automation, and Response) primarily using Microsoft Sentinel/Logic Apps.
Build and maintain custom integrations with SIEM, EDR, Threat Intel feeds, ticketing systems, and other SOC tools.
Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.
Develop dashboards or utilities to improve visibility and operational insights into SOC metrics.
Collaborate with security operations center analysts & threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).
Create and update relevant runbooks, playbooks and other necessary documentation around detection rules and attacker TTP's.
Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.
Qualifications:
Bachelor s degree in cybersecurity, computer science, information technology, or related field.
5+ years in cybersecurity, with 3+ years specifically in detection and automation engineering.
Proficiency in writing detection logic using KQL, SPL or other relevant query languages.
Experience with query languages such as KQL, SPL and scripting languages (Bash, PowerShell, Python, JavaScript)
Proficient in developing automations using SOAR platforms, specifically Microsoft Sentinel/Logic Apps
Understanding of SOC operations, incident response workflows, and threat detection techniques.
Experience with RESTful APIs and integration of third-party tools. Experience building advanced analytics (ML) and developing AI agents/tools Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).
Strong, practical knowledge of the MITRE ATT&CK framework, and how to map adversary behaviors to telemetry for detection design.
Deep understanding of attacker TTPs, threat modeling, and detection methodologies.
Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code concepts.
Experience in using security orchestration, automation, and response tools. Strong analytical skills to analyze large volumes of data and identifying potential threats, patterns.
The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.
Ability to collaborate cross-functionally in a fast-paced retail business environment.
Relevant certifications such as:
o Microsoft SC-200, Azure Security Engineer Associate
o AWS Certified Security Specialty
o GIAC (GCIA, GCTI, GDAT), CISSP, or CISM
Must haves:
Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
Communicates with honesty, kindness and creates the space for others to do the same.
Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
Fosters connection by putting people first and building trusting relationships.
Integrates fun and joy as a way of being and working, aka doesn t take themselves too seriously.