About the Role
The Senior Security Automation & Detection Engineer is a key technical contributor responsible for the implementation, tuning, and automation of the Client’s endpoint security ecosystem. This role is designed for a hands-on expert who can take a technical requirement and turn it into a robust, automated defense mechanism.
You will focus on the deep engineering of EDR/XDR platforms and the development of sophisticated SOAR playbooks. Your goal is to ensure that security telemetry is not just collected, but utilized to trigger machine-speed responses that protect the enterprise 24/7.
What you will do:
EDR/XDR Engineering & Deployment
- Execute the engineering, deployment, and configuration of enterprise EDR/XDR platforms (e.g., CrowdStrike, Microsoft Defender, SentinelOne, or Cortex XDR).
- Implement endpoint policy hardening and behavioral analytics to reduce the attack surface across global environments.
- Build and maintain complex detection rules and correlation logic tailored to identify advanced adversary TTPs.
SOAR & Automation Development
- Design and develop automated SOAR playbooks and triage workflows to streamline incident handling.
- Write custom scripts in Python and PowerShell to integrate security tools and automate repetitive tasks via APIs.
- Build automated threat containment and incident enrichment pipelines to significantly reduce the Mean Time to Respond (MTTR).
Detection Tuning & Telemetry Correlation
- Perform continuous detection tuning to reduce false positives and improve the fidelity of security alerts.
- Correlate telemetry across multiple SIEM platforms to ensure visibility into lateral movement and persistence.
- Support threat hunting efforts by providing high-quality telemetry and behavioral rule creation based on the MITRE ATT&CK framework.
Tools & Technologies:
- EDR/XDR: Advanced hands-on experience with CrowdStrike, Microsoft Defender, SentinelOne, or Palo Alto Cortex.
- SOAR: Practical experience building workflows in Cortex XSOAR, Splunk SOAR, or Microsoft Sentinel (Logic Apps).
- Languages: Strong proficiency in Python and PowerShell for security automation.
- SIEM: Familiarity with Microsoft Sentinel, Splunk, or similar enterprise SIEMs.
- Standards: Deep understanding of the MITRE ATT&CK framework.
What you bring:
- 5–8+ years of hands-on experience in Security Engineering, Detection Engineering, or Security Automation.
- Technical Autonomy: Proven ability to deploy and manage security platforms at enterprise scale with minimal supervision.
- Automation Skills: Experience writing code to automate security responses and integrate different technology stacks.
- Analytical Precision: Ability to analyze raw telemetry and create effective detection