Sr Detection & Automation Engineer

Overview

Are you passionate about cybersecurity and eager to lead a team in protecting an organization from cyber threats? We are looking for a Senior Detection & Automation Engineer to join our Enterprise Cybersecurity team. In this role, you will take charge of developing and maintaining security automation playbooks and ensuring our detection systems are top-notch, managing security tools and infrastructure, designing efficient automation processes, and leading blue team exercises.

• Leadership:
  Guide and mentor junior engineers, overseeing their work, supporting their technical growth, sharing knowledge, and testing techniques.
• Security Detection Engineering:
  Prioritize and build detection rules for the SIEM platform, document detection logic, rules, and alerts, and improve data quality from external sources in the SIEM.
• Blue Team:
  Assist in designing and implementing blue team exercises, including independently leading components of the exercises.
• Security Research:
  Monitor the security community for latest assessment and exploit methodologies, sharing findings with the team via tools or techniques.
• Reporting:
  Prepare and deliver high-quality security information that explains risk, demonstrates findings, and offers recommendations to technical and non-technical internal clients.
• Communication:
  Communicate effectively with a wide range of internal and external customers, including organizational leadership.
• Ad Hoc Incidents:
  Work with the security operations center, incident responders, and technology infrastructure and development teams as necessary.
• Metrics:
  Track, monitor, and report testing results to deliver risk-based security metrics to the enterprise.
• Training:
  Attend training to stay current with technology and security trends and apply learnings to improve processes.
• Perform other duties as assigned.

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field; a master’s degree is a plus.
• Proficiency with Splunk or other SIEM platforms, including creating, managing, and optimizing detection rules and alerts.
• Strong understanding of logs and log formats; ability to filter, transform, and normalize data for cybersecurity alerts and reports.
• Incident response experience is highly preferred.
• System administration experience is highly preferred.
• Git Lab proficiency for version control and CI/CD pipeline management.
• Python programming skills for scripting and automation tasks.
• Experience building and prioritizing detection rules in SIEM platforms, with documented detection logic and alerts.
• Ability to enhance data quality from external sources in the SIEM and understand best practices in detection engineering and integration.
• Effective communication skills for conveying technical and non-technical information to a wide audience.
• Continuous learning mindset with willingness to incorporate new knowledge into processes.

• Experience teaching security concepts (web, mobile, or infrastructure/network).
• Formal software development experience with Python, JavaScript, Java, Ruby, Go, Power Shell, Bash, C#, C/C++, etc.
• Experience automating AWS and/or Microsoft Azure platform infrastructure in an Agile/Dev Ops environment.
• Proven people leadership skills including managing small teams and projects.
• Active involvement in security conferences or talks to demonstrate leadership in the industry.

Pay Range - Start: $

Pay Range - End: $

Geographic specific pay structures may apply based on location. We believe in fairness and transparency and share salary ranges where applicable. Final salaries are based on factors including skills, experience, market, location, and hiring process.

Northwestern Mutual is an equal opportunity employer that values diversity and is committed to creating an inclusive environment where employees can contribute, grow, and succeed.

• Flexible work schedules
• Concierge service
• Comprehensive benefits
• Employee resource groups