Key Responsibilities
• Design and implement security automation workflows for alert ingestion, enrichment, triage, and response
• Develop scripts and playbooks to reduce manual effort and improve incident response efficiency
• Integrate SIEM, SOAR, and security tools with case management and ticketing systems
• Enhance detection capabilities by incorporating threat intelligence into pipelines
• Support detection rule lifecycle management including tuning, validation, and deployment
• Troubleshoot and optimize automation processes to reduce false positives and improve signal quality
• Collaborate with SOC, Security Engineering, and IT teams to translate requirements into automation solutions
• Contribute to development of automation standards, documentation, and runbooks
• Identify opportunities to improve processes, tooling, and detection coverage
• Act as a technical resource and provide guidance to less experienced team members
Required Skills
• Strong experience in security automation, detection engineering, or SOC operations
• Hands-on experience with SIEM platforms and alerting frameworks
• Proficiency in scripting/programming (e.g., Python, PowerShell)
• Experience integrating systems via APIs and automation pipelines
• Understanding of cybersecurity frameworks (e.g., MITRE ATT&CK)
• Knowledge of incident response processes and threat detection methodologies
• Strong analytical and problem-solving skills
• Ability to independently execute on complex technical tasks
Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field
• 5–8 years of experience in cybersecurity, security engineering, or related discipline
• Experience working in a Security Operations Center (SOC) or similar environment
• Familiarity with SOAR platforms and automation playbooks
• Experience with cloud environments (AWS, Azure, or GCP) preferred
• Knowledge of Infrastructure as Code (e.g., Terraform, Ansible) preferred
• Relevant certifications (e.g., Security+, GIAC, CISSP – Associate or progress toward certification) preferred
Key Performance Indicators (KPIs)
• Short-Term Outcomes (3–6 months)
  • Automate ≥20–30% of repetitive SOC workflows or alert triage tasks
  • Reduce average incident triage time by 15–25% through automation enhancements
  • Successfully deploy 3–5 new automation playbooks integrated with SIEM/SOAR tools
  • Improve alert enrichment coverage to ≥80% of prioritized use cases
• Long-Term Outcomes (6–12+ months)
  • Reduce false positive rate in key detection pipelines by 25–40%
  • Increase automated incident response coverage to ≥50% of common use cases
  • Achieve measurable reduction in Mean Time to Respond (MTTR) by 20–30%
  • Expand detection coverage aligned to MITRE ATT&CK across critical threat vectors
• Functional Excellence Metrics
  • Technical Delivery
    • Automation reliability ≥95% success rate across workflows
    • Number of scalable automation solutions adopted across teams
  • Operational Efficiency
    • Reduction in manual workload hours for SOC analysts
    • Number of integrations implemented across security tools and platforms
  • Collaboration & Influence
    • Stakeholder satisfaction with automation solutions and responsiveness
    • Contributions to documentation, standards, and team knowledge sharing
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field with 8–10 years of relevant experience