Looking for a candidate with extensive Python scripting experience in building UI front-end orchestration and task automation. The role involves automating work using APIs and custom code, investigating cybersecurity alerts, and performing detection engineering with xSOAR. Familiarity with Panda, Azure cloud, Azure platform security control administration, ML, LLMs, and automating work using APIs and custom code is essential. The candidate should have experience investigating cybersecurity alerts, detection engineering, hybrid Azure and on-premise environments, writing analytics to detect malicious activity, and managing cloud security platforms, including open-source tools. On-call rotation is required, with a schedule of 1 week every 8 weeks. Additional experience in Splunk investigations, SIEM, incident response, threat forensic investigations, threat analysis, EDR, NGFW, endpoint detection and response, and network monitoring tools is also desirable.

Responsibilities
• Solution Engineering: Design, develop, and deploy cyber defense tools, platforms, and capabilities supporting threat detection, incident response, and forensic investigations.
• Technical Leadership: Serve as a subject matter expert in cyber defense engineering, providing guidance and insights to customers, peers, and the cyber engineering strategy.
• Threat Analysis: Collaborate with operations to analyze emerging threats and current gaps, implementing measures to enhance defense mechanisms.
• Develop and refine threat defense analytics to detect cyber-attacks effectively.
• Build task automation and procedure orchestration to support cyber defense operations.
• Problem Solving: Troubleshoot and resolve complex cyber engineering challenges, identify root causes of outages and errors, and develop sustainable solutions.
• Innovation & Continuous Improvement: Stay updated on cybersecurity trends and technologies, applying best practices to enhance defense strategies.
• Documentation: Maintain accurate procedures and documentation for all capabilities and services.
• On-Call: Support capability availability incidents and assist the cyber defense operations team, leveraging hands-on experience to identify automation opportunities.

Qualifications
• Bachelor’s degree or relevant military experience in lieu of a degree.
• 8+ years of experience in cybersecurity engineering, detection engineering, incident response, or related roles, with proven problem-solving skills in high-stakes environments.
• Significant experience with Python for automation and orchestration.
• Hands-on experience deploying and configuring security platforms such as SIEM, SOAR, EDR, NGFW, and network monitoring tools.
• Experience integrating cybersecurity tools and using APIs for automation.
• Experience building and deploying threat defense analytics using detection engineering pipelines.
• Strong analytical skills and attention to detail.
• Strong technical writing skills for documentation, process mapping, and visualization.
• Ability to work independently, lead projects, and overcome challenges in collaborative environments.

Nice to Have:
• Experience with LLMs, ML, or advanced analytics in enterprise cybersecurity workflows.
Job Type
Full-time role
Skills required
Azure, Python
Location
San Jose, California
Salary
$120,000 - $160,000
Date Posted
May 1, 2025
Request Technology is seeking an Expert Cyber Defense Engineer with extensive Python scripting experience for automation and orchestration in cybersecurity. The role involves investigating alerts, detection engineering, and managing cloud security platforms in a hybrid Azure environment.