Senior Engineer, Security Content Automation

StarHub

Job Description

Job Summary: As a Senior Engineer for Content Automation and Development, you will be responsible for the creation, fine-tuning, and implementation of SIEM/XDR use cases, as well as the development and optimization of SOAR playbooks. Ideate, design, and implement effective security use cases and automation playbooks that enhance security operation automation and meet customer requirements.
Key Responsibilities:
SIEM/XDR Use Case:
Design, develop, and implement SIEM/XDR use cases to detect and respond to security threats.
Fine-tune existing use cases to improve accuracy and reduce false positives.
Collaborate with threat intelligence and incident response teams to identify new use case requirements.
SOAR Playbook:
Create, develop, and implement SOAR playbooks for automated incident response. Proficiency in designing and implementing end-to-end workflows. 
Design, build, and integrate AI/ML models and data-driven solutions to solve business problems and enhance the decision-making process for proactive monitoring, incident management, etc.
Customize playbooks to address specific security incidents and operational workflows.
Refine and optimize playbooks based on feedback and changing threat landscapes.
Ability to map out and optimize security incident response workflows within the SOAR platform. 
Experience working with APIs to integrate security platforms. Knowledge of CSP APIs (AWS, Azure, GCP Cloud) for security automation. 
Understand data normalization techniques to ensure consistency in data formats across integrated security tools. 
Develop metrics and reports to measure the effectiveness of automated processes. Generate reports on KPIs related to incident response and automation. 
Use Case and Playbook Ideation:
Conduct research and analysis to identify new security threats and trends.
Ideate and propose new use cases and playbooks to address emerging threats.
Requirement gathering from stakeholders.
Implementation and Testing:
Implement and test use cases and playbooks in the production environment.
Validate the effectiveness of use cases and playbooks through regular testing and evaluation.
Troubleshoot and resolve issues related to use case and playbook implementation.
Documentation and Reporting:
Document use cases and playbooks, including design, implementation, and maintenance details.
Provide regular reports on the performance and effectiveness of use cases and playbooks.
Develop and deliver training for security operations teams on new use cases and playbooks.
Collaboration and Support:
Collaborate with stakeholders to integrate use cases and playbooks with other security platforms.
Provide technical support and guidance regarding use cases and playbooks.
Continuous Improvement:
Stay current with the latest security trends, technologies, and best practices.
Seek opportunities to improve the efficiency and effectiveness of use cases and playbooks.

Qualifications

Bachelor’s or Advanced degree in computer science, information security, or a related field. 
4+ years of relevant experience, with a focus on SIEM, SOAR, XDR, EDR or related technologies.
Experience in developing and fine-tuning security use cases and automation playbooks.
Knowledge of scripting languages (e.g., Python, PowerShell) for playbook automation.
Strong understanding of security operations, threat detection, and incident response.
Experience with RSA Netwitness, Splunk, IBM QRadar, Palo Alto XDR, XSOAR, XSIAM and others.
Good knowledge of CSP (AWS or GCP or Alicloud certification) and network connectivity services useful for setting up the SOC and customer on-boarding.
GCIA, GCIH, CISSP and/or SIEM/SOAR/XDR vendor specific certifications, if any.


Essential Skills:
Excellent project management skills and experience with Agile methodologies. 
Strong decision-making and interpersonal skills to foster teamwork and achieve goals.
Passion for delivering high-quality projects and products.
Strong business evaluation acumen and knowledge of IT service administration.
 

Tags: Agile APIs Automation AWS Azure CISSP Cloud Computer Science EDR GCIA GCIH GCP Incident response KPIs Monitoring PowerShell Python QRadar RSA Scripting SIEM SOAR SOC Splunk Threat detection Threat intelligence XDR XSOAR

Region: Asia/Pacific
Country: Singapore
