[Remote] Automation, Orchestration, Security Engineer
Note: This is a remote job open to candidates in the USA. CBTS is searching for an Automation, Orchestration, Security Engineer who designs, builds, and maintains automation and orchestration solutions that improve security outcomes. The role involves partnering with various teams to integrate tools, standardize workflows, and implement security automation.
Responsibilities
- Own the design and delivery of security automation and orchestration capabilities that improve response time, consistency, and quality across security workflows
- Develop and maintain SOAR playbooks for alert triage, enrichment, containment, and remediation
- Build and manage automation integrations with security tooling (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) using APIs, webhooks, and event-driven architectures
- Create reusable automation components (scripts, libraries, templates) with appropriate error handling, retries, logging, and observability
- Collaborate with SOC analysts and Incident Response to translate procedures into automated runbooks; ensure safe execution with approval gates where needed
- Design automation with governance: role-based access controls, change management, auditability, and documentation
- Partner with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation)
- Support incident response by developing rapid automation for containment and evidence collection (while maintaining chain-of-custody and logging requirements)
Skills
- Candidates must demonstrate strong automation engineering skills, comfort working with APIs and distributed systems, and practical security knowledge relevant to modern enterprise environments
- 3+ years of experience in automation engineering, security engineering, security operations engineering, or a related role
- Proficiency in at least one scripting/programming language (Python preferred; PowerShell or JavaScript)
- Experience with automation and orchestration tools such as Ansible, Itential, Aria Orchestrator, or a similar product
- Hands-on experience designing and implementing automation using APIs (REST/JSON), webhooks, and authentication methods (OAuth2, tokens, mutual TLS)
- Working knowledge of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling)
- Strong understanding of core security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals
- Experience with Git-based workflows and software engineering practices (code review, branching strategies, testing)
- Ability to document solutions clearly (runbooks, diagrams, operating procedures) and communicate effectively with technical and non-technical stakeholders
- Experience with vulnerability management automation (ticketing workflows, remediation tracking, exception handling, SLA reporting)
- Cloud platform experience (AWS, Azure, and/or GCP), including security services and identity models
- Container and Kubernetes security familiarity
- Experience integrating with EDR/XDR tools and automating response actions (isolation, kill process, quarantine)
- Familiarity with ITSM and workflow tools (ServiceNow, Jira) and structured change management
Company Overview