
We One
WeOne is a leading global provider of integrated infrastructure services.
Group Specialist - Cyber Engineering Automation
Design and implement security automation across SOC, cloud, and IAM platforms
About the Role
The role involves designing and deploying automated workflows and playbooks that span SOC, CSPM, vulnerability management, and IAM environments. You will integrate a variety of security solutions, including Sentinel, Wiz, SailPoint, Check Point, and Zscaler, through APIs and event-driven automation. Automation will be built for incident response, threat enrichment, user isolation, and ticketing using SOAR platforms such as Microsoft Sentinel Logic Apps, Cortex XSOAR, FortiSOAR, or custom Python frameworks. Additionally, you will create reusable modules, enable real-time telemetry ingestion, and maintain cross-platform integrations across IT, OT, and cloud tools. The position also requires embedding security controls as infrastructure-as-code, supporting cloud posture monitoring for Azure, AWS, and GCP, and integrating automation into DevSecOps pipelines for continuous compliance and vulnerability scanning. AI-driven playbooks for phishing, malware, and insider-threat scenarios, as well as threat-intel enrichment with services like VirusTotal and Recorded Future, are part of the remit, with ongoing tuning based on MITRE ATT&CK and ATLAS techniques. Beyond technical duties, you act as an ambassador for DP World, upholding the Founder’s Principles, safety standards, and the Code of Conduct. The role reports to the broader security engineering team and may include other assigned tasks.

- Design and implement automated workflows/playbooks across SOC, CSPM, vulnerability management, and IAM platforms.
- Integrate security tools (Sentinel, Wiz, SailPoint, Check Point, Zscaler) via APIs and event-driven automation.
- Build SOAR-based automation for incident response, threat enrichment, user isolation, and ticketing (e.g., Logic Apps, Cortex XSOAR, FortiSOAR, Python frameworks).
- Develop and maintain cross-platform integrations for IT, OT, and cloud security visibility.
- Enable real-time telemetry ingestion and correlation using APIs, data pipelines, or event hubs.
- Create reusable automation modules and templates for global rollout.
- Automate cloud posture monitoring and remediation for Azure, AWS, and GCP using CSPM/CNAPP APIs.
- Engineer infrastructure-as-code security controls and guardrails with Terraform, Ansible, or ARM templates.
- Embed automation into DevSecOps pipelines for continuous compliance, vulnerability scanning, and drift detection.
- Implement AI-driven response and enrichment playbooks for phishing, malware, and insider-threat cases.
- Develop threat-intel enrichment automation (VirusTotal, MISP, Recorded Future) and ticket closure workflows (JIRA, ServiceNow).
- Continuously tune automation based on MITRE ATT&CK and MITRE ATLAS techniques.
Key Responsibilities
- workflow automation
- API integration
- SOAR automation
- cloud posture
- IaC security
- DevSecOps automation
What You Bring
The ideal candidate holds a Bachelor’s degree in Computer Science or Engineering and brings over 16 years of relevant experience, including 7–12 years in cybersecurity and at least three years focused on security automation or SOAR engineering. Proficiency with SOAR platforms, Python, PowerShell, REST APIs, cloud automation (Azure, AWS, GCP), IaC tools (Terraform, Ansible), and CI/CD pipelines is essential, as is a solid understanding of incident response, SOC processes, and MITRE frameworks.

- Bachelor’s degree in Computer Science, Engineering, or a related field.
- 16+ years of relevant experience; 7–12 years in cybersecurity; minimum 3 years in security automation/SOAR engineering.
- Hands-on expertise with SOAR platforms (Cortex XSOAR, FortiSOAR, Microsoft Sentinel Logic Apps, Splunk SOAR, or custom Python).
- Strong scripting skills in Python and PowerShell, plus working fluency with REST APIs, JSON, and YAML.
- Experience automating cloud environments (Azure, AWS, GCP) using Lambda, Logic Apps, Functions, and Event Hubs.
- Proficiency with IaC and CI/CD tooling such as Terraform, Ansible, Jenkins, and GitHub Actions.
- Knowledge of integrating SIEM, EDR/XDR, IAM, DLP, CSPM, CNAPP, CASB, and vulnerability scanners.
- Deep understanding of incident response, SOC processes, and the MITRE ATT&CK framework.
- Demonstrated ability to reduce manual operational workload through scalable automation.
Requirements
- Bachelor’s degree
- SOAR
- Python
- Terraform
- Azure
- incident response
Work Environment
Office Full-Time