Cyber Detection & Automation Engineer Â
Cyber Detection & Automation Engineer Â
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Who we are
We are an innovative performance apparel company for yoga running training and other athletic pursuits. Setting the bar in technical fabrics and functional design we create transformational products and experiences that support people in moving growing connecting and being well. We owe our success to our innovative product emphasis on stores commitment to our people and the incredible connections we
make in every community were in. As a company we focus on creating positive change to build a healthier thriving future. In particular that includes creating an equitable inclusive and growth-focused environment for our people.
About this team
The cybersecurity team enables us to conduct its global operations in a secure manner and safeguard the trusted information of its guest and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk and by maintain a high degree of employee awareness of all security and compliance topics. To further enhance our team we are looking for a Cyber Detection & Automation Engineer.
A day in the life:
The Cyber Detection & Automation Engineer will be responsible designing developing and maintaining advanced threat detection logic and workflow automations across our security tools and platforms. You will work closely with SOC analysts threat intelligence and incident response commanders to ensure proactive and accurate detection of malicious activity in our environment.
Design implement and automate high-fidelity detection rules using SIEM EDR and other telemetry sources (e.g. Sentinel Defender AWS etc.) to improve efficiency and accuracy.
Monitor and tune alerts to reduce false positives and improve signal-to-noise ratio.
Regularly test and validate detection content to ensure its effectiveness and accuracy.
Create documentation and knowledge transfer materials for detections and engineering processes.
Perform gap analysis and continuously improve detection coverage accuracy and resilience.
Design and develop security automations workflows using SOAR (Security Orchestration Automation and Response) primarily using Microsoft Sentinel/Logic Apps.
Build and maintain custom integrations with SIEM EDR Threat Intel feeds ticketing systems and other SOC tools.
Automate repetitive SOC tasks such as alert triage enrichment IOC lookups and ticket creation.
Develop dashboards or utilities to improve visibility and operational insights into SOC metrics.
Collaborate with security operations center analysts & threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).
Create and update relevant runbooks playbooks and other necessary documentation around detection rules and attacker TTPs.
Prepare and present detailed reports on detection/automation activities findings and improvements to senior management.
Qualifications:
Bachelors degree in cybersecurity computer science information technology or related field.
5 years in cybersecurity with 3 years specifically in detection and automation engineering.
Proficiency in writing detection logic using KQL SPL or other relevant query languages.
Experience with query languages such as KQL SPL and scripting languages (Bash PowerShell Python JavaScript)
Proficient in developing automations using SOAR platforms specifically Microsoft Sentinel/Logic Apps
Understanding of SOC operations incident response workflows and threat detection techniques.
Experience with RESTful APIs and integration of third-party tools. Experience building advanced analytics (ML) and developing AI agents/tools Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).
Strong practical knowledge of the MITRE ATT&CK framework and how to map adversary behaviors to telemetry for detection design.
Deep understanding of attacker TTPs threat modeling and detection methodologies.
Familiarity with version control (Git) CI/CD pipelines and infrastructure as code concepts.
Experience in using security orchestration automation and response tools. Strong analytical skills to analyze large volumes of data and identifying potential threats patterns.
The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.
Ability to collaborate cross-functionally in a fast-paced retail business environment.
Relevant certifications such as:
o Microsoft SC-200 Azure Security Engineer Associate
o AWS Certified Security Specialty
o GIAC (GCIA GCTI GDAT) CISSP or CISM
Must haves:
Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
Communicates with honesty kindness and creates the space for others to do the same.
Leads with courage knowing the possibility of greatness is bigger than the fear of failure.
Fosters connection by putting people first and building trusting relationships. Integrates fun and joy as a way of being and working aka doesnt take themselves too seriously.
Required Skills : Network Security
Basic Qualification :
Additional Skills :
Background Check : No
Drug Screen : No
Employment Type
Full-time
