ZipRecruiter
Job Description
About this team
The cybersecurity team enables us to conduct our global operations securely and safeguard trusted information of our guests and users. This is achieved by understanding business risks related to cybersecurity and compliance, and by maintaining high employee awareness of all security and compliance topics. To strengthen our team, we are seeking a Cyber Detection & Automation Engineer.
A day in the life:
The Cyber Detection & Automation Engineer will design, develop, and maintain advanced threat detection logic and workflow automations across our security tools and platforms. You will collaborate closely with SOC analysts, threat intelligence teams, and incident response leaders to ensure proactive and precise detection of malicious activities.
Responsibilities include:
Design, implement, and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g., Sentinel, Defender, AWS) to enhance efficiency and accuracy.
Monitor and tune alerts to minimize false positives and improve the signal-to-noise ratio.
Regularly test and validate detection content for effectiveness and accuracy.
Create documentation and knowledge transfer materials related to detections and engineering processes.
Conduct gap analysis and continuously improve detection coverage, accuracy, and resilience.
Design and develop security automation workflows using SOAR platforms, primarily Microsoft Sentinel/Logic Apps.
Build and maintain custom integrations with SIEM, EDR, Threat Intel feeds, ticketing systems, and other SOC tools.
Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.
Develop dashboards or utilities to enhance visibility and operational insights into SOC metrics.
Collaborate with SOC analysts and threat intelligence teams to stay ahead of evolving adversary tactics (based on MITRE ATT&CK).
Create and update runbooks, playbooks, and other documentation related to detection rules and attacker TTPs.
Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.
Qualifications:
Bachelor’s degree in cybersecurity, computer science, information technology, or a related field.
5+ years in cybersecurity, with at least 3 years specifically in detection and automation engineering.
Proficiency in writing detection logic using KQL, SPL, or other relevant query languages.
Experience with scripting languages such as Bash, PowerShell, Python, JavaScript.
Proficient in developing automations using SOAR platforms, especially Microsoft Sentinel/Logic Apps.
Understanding of SOC operations, incident response workflows, and threat detection techniques.
Experience with RESTful APIs and integrating third-party tools.
Experience building advanced analytics (ML) and developing AI agents/tools.
Experience in cloud environments, preferably AWS and Azure.
Strong knowledge of the MITRE ATT&CK framework and how to map adversary behaviors to telemetry for detection design.
Deep understanding of attacker TTPs, threat modeling, and detection methodologies.
Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code.
Experience with security orchestration, automation, and response tools.
Strong analytical skills for working with large data volumes and identifying threats and patterns.
Effective communication skills, both verbal and written, suitable for audiences with varying technical backgrounds.
Ability to collaborate cross-functionally in a fast-paced retail environment.
Certifications preferred:
Microsoft SC-200, Azure Security Engineer Associate
AWS Certified Security – Specialty
GIAC (GCIA, GCTI, GDAT), CISSP, or CISM
Must-haves:
Responsibility for personal choices and accountability.
Entrepreneurial spirit and continuous innovation.
Honest and kind communication, fostering an open environment.
Courageous leadership, embracing greatness over fear of failure.
Focus on connection, trust, and building relationships.
Ability to bring fun and joy into work, maintaining a balanced perspective.