Security Engineer

About the Position:
We are seeking a dedicated and experienced Security Analyst to bolster our Security Operations and Incident Response capabilities. In this role, you will play a pivotal part in fortifying our global Information Systems security infrastructure and responding effectively to potential security threats. Your responsibilities will encompass the daily operations of our security technologies, alongside proactive analysis, and response to security incidents. Collaboration with our Information Services team will be integral to maintaining and enhancing our organization's security posture and safeguarding our data assets.
About the Team:
As a valued member of our Cyber Intelligence Centre/Security Operations team, you will advocate a pragmatic approach to proposing and implementing security solutions. You will actively contribute to the continual analysis of our security logs and posture to uphold our organization's security and situational awareness regarding potential threats.

What you'll do

• Automation of Security Processes:
• Develop, implement, and manage automated workflows for incident detection, investigation, and remediation.
• Automate routine security tasks such as log analysis, vulnerability scanning, and patch management.
• Integrate security tools (SIEM, SOAR, endpoint protection, threat intelligence platforms) to create seamless, automated workflows.
• Incident Response Automation:
•  Work with the Incident Response team to identify opportunities for automation in response procedures.
• Develop automated playbooks for various incident types (e.g., phishing, malware, DDoS attacks) to reduce response time and human error.
• Implement automated alert triage systems to prioritize and categorize security incidents based on severity.
• Threat Intelligence Integration:
•  Automate the ingestion and processing of threat intelligence feeds (e.g., IOCs, TTPs) into security monitoring systems.
• Enhance threat detection capabilities by integrating real-time threat intelligence into automated workflows.
• Continuous Improvement: 
• Continuously evaluate and improve automated security processes for efficiency, effectiveness, and scalability.
• Identify gaps in automation and develop new solutions to improve response times and security coverage.
• Monitor automation processes and tools to ensure they operate effectively and without interruption.
• Collaboration & Communication:
• Work closely with the SOC team to ensure automation initiatives align with the organization’s security policies and standards.
• Collaborate with IT, DevOps, and Engineering teams to ensure automated security solutions are integrated across the infrastructure.
• Provide documentation and training to security teams on new automated processes and tools.
• Security Monitoring and Reporting: 
• Develop dashboards and reports to track the performance of automated security processes and identify areas for improvement.
• Ensure that key security metrics (e.g., mean time to detect, mean time to respond) are optimized via automation.
• Security Tool Management: 
• Manage and maintain automation tools, ensuring they are up to date and optimized for maximum performance.
• Evaluate and implement new security automation tools and technologies as appropriate.

What you'll bring:

• Education & Experience:
• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Minimum of 5-10 years of experience in a Security Operations role (SOC, Incident Response, or Threat Intelligence).
• Proven experience with security automation tools, SIEM platforms (e.g., MS Sentinel).
• Experience with scripting languages (Python, PowerShell, Bash) and automation frameworks (e.g., Ansible, Terraform, or similar).
• Hands-on experience with security technologies such as IDS/IPS, endpoint protection, firewalls, and vulnerability management tools.
• Technical Skills:
•  Expertise in implementing and managing security automation processes and systems.
• Familiarity with cloud environments (AWS, Azure, GCP) and cloud-native security tools.
• Experience in building and maintaining automated incident response playbooks.
• Proficiency in security monitoring tools such as SIEM, EDR, NDR, and IDS/IPS.
• Soft Skills:
•  Strong problem-solving and analytical skills.
• Excellent communication skills and ability to collaborate with cross-functional teams.
• Ability to prioritize tasks, manage time effectively, and work under pressure.
• Strong attention to detail and commitment to continuous learning.
• Desirable:
•  Certifications such as CISSP, CEH, CISM, or similar are highly desirable.
• Familiarity with DevSecOps practices and CI/CD pipeline security.
• Experience with threat hunting and proactive security measures.