
Security Automation Engineer

Job in Chelmsford, Middlesex County, Massachusetts, 01824, USA
Listing for: Barracuda Networks Inc.
Full Time position
Listed on 2026-06-02
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 105000 - 140000 USD Yearly
Job Description & How to Apply Below

Security Automation Engineer

This position is responsible for engineering the Barracuda XDR SOAR platform, conducting R&D efforts on forward-facing technologies, and executing offensive security operations efforts through the attack/defend lifecycle to test and validate the effectiveness of in-place detections.

Responsibilities
  • Engineering the Barracuda XDR SOAR solution.
  • Complete sprint tasks within the SOC Agile Sprint cycle to continuously improve overall SOC maturity level and R&D efforts.
  • Develop and maintain documentation on new processes, tools, technologies, and ongoing R&D efforts.
  • Integrate various APIs into the SOC tech stack.
  • Conduct proactive threat hunting among partners' networks to identify malicious activity.
  • Perform attack and defend activities to test current detections and develop new detections.
  • Ensure MITRE ATT&CK Framework coverage is obtained by XDR detections.
  • Conduct threat intelligence research.
  • Train new and current cyber security analysts on new or existing technologies and processes.
  • Be on a rotating 24x7x365 on-call schedule to investigate, triage, and help customers remediate active breaches/incidents.
  • Design and implement AI-driven security automations, including Agentic AI workflows to autonomously investigate, triage, and respond to alerts.
  • Build and maintain Retrieval-Augmented Generation (RAG) pipelines to enhance threat intelligence enrichment, alert context, and analyst decision‑making.
  • Develop and integrate AI agents with SOC tooling (SIEM, SOAR, EDR) to reduce manual effort and improve response times.
  • Leverage LLMs and AI frameworks to automate repetitive SOC tasks such as alert analysis, ticket generation, and incident summarization.
  • Integrate and manage MCP servers and agent orchestration frameworks to enable scalable, modular AI‑driven workflows.
  • Experiment with and operationalize machine learning models for anomaly detection, alert prioritization, and signal‑to‑noise improvement.
  • Drive R&D initiatives focused on applying Generative AI in cybersecurity, including detection engineering, threat hunting, and purple team exercises.
  • Build internal tools and prototypes that combine security data pipelines with AI capabilities to improve SOC efficiency and accuracy.
Qualifications
  • 4–5 years prior cybersecurity or SOC experience.
  • Bachelor's degree or Master's Degree in Cyber Security, Information Security, or related field.
  • Certifications: CIH, CEH, CompTIA Network+ or Security+, or other relevant certification.
  • Experience working with various SOC tools including SIEM, SOAR, EDR, email protection, sandboxes, ticketing systems, etc.
  • Expertise with analyzing advanced attack vectors such as ransomware, Business Email Compromise, etc.
  • Experience responding to active security threats and incidents.
  • Experience with cloud tools such as AWS, Azure, and GCP.
  • Experience working with APIs.
  • Analytical, problem‑solving skills with SOAR platform troubleshooting.
  • Customer service experience.
  • Experience with threat intelligence research, IOC gathering, and threat hunting.
  • Understanding of cybersecurity frameworks such as NIST, MITRE ATT&CK, etc.
  • Fundamental understanding of corporate IT environments, including networking and cloud infrastructure.
  • Excellent verbal and written communication skills.
  • Hands‑on experience building or working with Agentic AI systems, including multi‑step autonomous workflows and tool‑using agents.
  • Experience implementing RAG architectures, including vector databases, embeddings, and context retrieval strategies.
  • Familiarity with LLMs (e.g., OpenAI, open‑source models) and their application in cybersecurity use cases.
  • Experience integrating AI into production environments, including API orchestration and automation pipelines.
  • Experience with MCP servers, agent frameworks, or similar orchestration systems for managing AI‑driven workflows.
  • Strong understanding of how to apply AI/ML to security operations problems such as alert fatigue, threat detection, and incident response.
  • Ability to evaluate and tune AI outputs for accuracy, reliability, and security relevance in a SOC environment.
Benefits
  • Equity, in the form of non‑qualifying options.
  • High‑quality health benefits.
  • Retirement Plan with…