Key Responsibilities:
Automation Development:
- Design, deliver, and maintain security automation playbooks in collaboration with SOC, Insider Risk, DLP, Red Team, Threat Intel, and other security functions.
- Manage the full lifecycle of automation playbooks, from requirements and planning through design, testing, implementation, and maintenance.
- Identify and implement automation opportunities to increase security analyst efficiency.
- Build end-to-end solutions, including automated feedback loops that return analyst outcomes to the detection logic to improve detection accuracy.
AI/LLM Integration:
- Use large language models (e.g., OpenAI, Hugging Face) to build automation that enhances incident response capabilities.
- Apply AI to enrich data and automate repetitive security actions.
Quality & Best Practices:
- Conduct quality checks on automation to reduce errors and drive continuous improvement.
- Advocate standardization and code quality best practices, including code reviews and testing methodologies.
- Collaborate with teams to expand automation capabilities across all security functions.
Technical & Reporting Tools:
- Utilize GitHub for version control, collaboration, and code management.
- Use CI/CD tools (e.g., GitHub Actions) to automate software build, test, and deployment processes.
- Employ data visualization tools (e.g., Power BI) to monitor and report efficiency gains.