Security Automation Engineer - VDart - Ridgecrest, NC
VDart
Key Responsibilities

Security Automation & Playbook Engineering
- Design and implement complex, multi-stage automation playbooks in Cortex XSIAM/XSOAR, leveraging both out-of-the-box integrations and custom Python scripting
- Build scalable workflows incorporating conditional logic, loops, sub-playbooks, and automated decision trees
- Convert manual triage and response processes into fully automated workflows

Platform Ownership & Optimization
- Manage and optimize the Cortex XSIAM environment, including:
  - Data ingestion strategy
  - XQL (Xalt Query Language) query development
  - Alert tuning and noise reduction
- Continuously refine automation logic to reduce false positives and ensure analysts focus on high-fidelity threats

Integration & API Development
- Develop custom integrations between XSIAM and third-party tools including EDR, firewalls, IAM platforms, and cloud environments (AWS, Azure, etc.)
- Build and maintain REST API integrations using JSON/XML payloads where native connectors are insufficient
- Perform regression testing of automation scripts to ensure low error rates and production reliability

SOC Transformation & Continuous Improvement
- Drive the initiative toward 80% automation coverage across the playbook library
- Identify repetitive analyst tasks suitable for automation and design resilient remediation workflows
- Embed MITRE ATT&CK-aligned logic into automation workflows to strengthen detection and response maturity
- Partner with SOC leadership to measure and improve MTTR, response consistency, and operational efficiency

Technical Qualifications
- Expert-level Cortex XSIAM/XSOAR experience with demonstrated success building complex, production-grade playbooks
- Advanced proficiency in Python (mandatory) and strong PowerShell scripting capabilities
- Strong command of XQL for data correlation, threat hunting, and dashboard creation
- Deep understanding of the MITRE ATT&CK framework and common incident response workflows (phishing, malware, brute force, privilege escalation, etc.)
- Experience working with REST