Job Description: Automation / Orchestration / Security Engineer
Full Time
Remote
Position Overview
This position is hands-on and requires strong engineering fundamentals, security domain knowledge, and an automation-first mindset. The engineer will build integrations, develop playbooks/runbooks, and help mature detection-to-response processes with a focus on scalability, safety, and governance.
Key Responsibilities
Own the design and delivery of security automation and orchestration capabilities that improve response time, consistency, and quality across security workflows.
- Develop and maintain SOAR playbooks for alert triage, enrichment, containment, and remediation.
- Build and manage automation integrations with security tooling (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) using APIs, webhooks, and event-driven architectures.
- Create reusable automation components (scripts, libraries, templates) with appropriate error handling, retries, logging, and observability.
- Collaborate with SOC analysts and Incident Response to translate procedures into automated runbooks; ensure safe execution with approval gates where needed.
- Design automation with governance: role-based access controls, change management, auditability, and documentation.
- Partner with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation).
- Support incident response by developing rapid automation for containment and evidence collection (while maintaining chain-of-custody and logging requirements).
Required Qualifications
Candidates must demonstrate strong automation engineering skills, comfort working with APIs and distributed systems, and practical security knowledge relevant to modern enterprise environments.
- 3+ years of experience in automation engineering, security engineering, security operations engineering, or a related role.
- Proficiency in at least one scripting/programming language (Python preferred; PowerShell or JavaScript also acceptable).
- Experience with automation and orchestration tools such as Ansible, Itential, Aria Orchestrator, or a similar product.
- Hands-on experience designing and implementing automation using APIs (REST/JSON), webhooks, and authentication methods (OAuth2, tokens, mutual TLS).
- Working knowledge of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling).
- Strong understanding of core security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals.
- Experience with Git-based workflows and software engineering practices (code review, branching strategies, testing).
- Ability to document solutions clearly (runbooks, diagrams, operating procedures) and communicate effectively with technical and non-technical stakeholders.
Preferred Qualifications and Technical Skills
- Experience with vulnerability management automation (ticketing workflows, remediation tracking, exception handling, SLA reporting).
- Cloud platform experience (AWS, Azure, and/or Google Cloud Platform), including security services and identity models.
- Familiarity with container and Kubernetes security.
- Experience integrating with EDR/XDR tools and automating response actions (isolation, kill process, quarantine).
- Familiarity with ITSM and workflow tools (ServiceNow, Jira) and structured change management.