Senior Security Engineer / Tool Automation

Job Summary

Required Qualifications

• 8+ years in cybersecurity, including hands‐on threat hunting, digital forensics and incident response (DFIR), and security engineering.
• Proven experience designing and executing hypothesis‐driven threat hunts across endpoints, networks, and cloud environments, and operationalizing findings into new detections or controls.
• Demonstrated hands-on experience performing endpoint and cloud forensics during investigations.
• Strong experience with SIEM and NG‐SIEM platforms, SOAR, and EDR/XDR tools as primary data sources for hunting.
• Deep understanding of MITRE ATT&CK and threat actor TTPs, and ability to translate them into hunt hypotheses, queries, and forensic pivot points.
• Proficiency in scripting or utilizing automation tools (Python, PowerApps, Power Automate, or similar) to automate hunting and forensic data collection, enrichment, and reporting.
• Hands-on experience with cloud security (AWS, Azure, GCP) and infrastructure as code (Terraform, Ansible).
• Solid grasp of UNIX/Linux systems, networking protocols, and firewall architecture.
• Experience with vulnerability management, penetration testing, and secure architecture design.
• Excellent communication skills with ability to interface across technical and non‐technical stakeholders.

Desired Qualifications

• Certifications: GCIH, GCFR, GCFA, or equivalent SANS DFIR / threat hunting training.
• Experience with ServiceNow, ADO, or similar ticketing/case management systems.
• Familiarity with container orchestration (Kubernetes, Docker) and CI/CD pipelines.
• Exposure to FedRAMP, eDiscovery, and DLP casework.
• Strong interpersonal skills and a collaborative mindset.
• Ability to lead and mentor junior engineers and analysts in threat hunting and DFIR methodologies.
• Ability to drive strategic long‐term initiatives with cross‐org leaders.
• Ability to effectively present technical investigations, threat hunts, and recommendations to executive leadership.