Why you should join our At-Bay Security team
At-Bay is a fast-growth InsurSec company (Insurance x Cybersecurity) on a mission to bring innovative products to the market that help protect small businesses from digital risks. As an InsurSec provider, we uniquely combine insurance with mission-critical security technologies, threat intelligence, and human expertise, to bridge the critical security capability gap that exists among SMBs in the community. We believe InsurSec is an $80B market opportunity and we are excited to introduce the Automation Engineer role to the security team to help expand our reach and influence in the business and security community, of which we serve 35,000 customers.
With At-Bay, our customers experience 5X fewer ransomware attacks. This is just the tip of the iceberg! Click here to learn more about what we’re building.
The Role
The Senior Security Platform Engineer leverages deep knowledge of cybersecurity tools and platforms to design and deploy integrated security automation use cases and using data ingested from a variety of sources (i.e. security tools and other sources) and leveraging automation capabilities available from a variety of platforms. Specific job responsibilities include:
- Collaborating with team members performing security monitoring and incident response duties to identify opportunities to streamline security operations by automating workflows using existing tools and available data
- Developing identified opportunities into custom automation solutions such as workflows and stand-alone scripts
- Developing requirements for custom automation solutions
- Implementing and testing custom automation solutions
- Developing user documentation for custom automation solutions
- Performing handoff to delivery teams of custom automation solutions
- Maintaining automation solutions
- Ideating and developing automation playbooks for a variety of detection and response use cases
Essential Qualifications
- Hand-on experience operating, tuning, implementing, and/or maintaining one or more enterprise cybersecurity platforms including:
- SIEM (e.g., Splunk, Elastic Security, Securonix, etc.)
- SOAR (e.g., Splunk SOAR, Swimlane, Cortex XSOAR, Tines, etc.)
- Data loss prevention (DLP) (e.g., Forcepoint DLP, Symantec DLP)
- EDR (e.g., CrowdStrike Falcon, SentinelOne, Microsoft Defender, etc.)
- Intrusion detection / prevention
- Malware analysis (e.g., Joe Sandbox, Cuckoo)
- Identity management (e.g., Okta, Auth0, OneLogin, etc.)
- Workflow management (e.g., ServiceNow, SalesForce, etc.)
- Cloud security (Amazon GuardDuty, Microsoft Sentinel, etc.)
- Hands-on experience working in information technology operations (i.e. Network Operations Center or Security Operations Center)
- Minimum of 2 years of experience in cybersecurity engineering / operations OR 1 year of experience with designing cybersecurity automation playbooks and implementing automation workflows using SOAR tools
- Experience with one or more scripting languages (e.g., Python, JavaScript, Ruby, etc.)
Preferred Requirements
- Bachelor’s degree or equivalent with significant coursework in computer science, computer engineering, information systems, or cybersecurity
- A mix of security operations, security engineering, cloud security and security automation experience
- Experience with agile methodologies and/or DevOps
- Experience with continuous integration tools (e.g., Gitlab CI, Jenkins, Cmake)
- Expertise in application development frameworks, build systems and ability to integrate tools into the CI infrastructure
- Experience with cloud security including knowledge of cloud security products and services offered by major cloud service providers (e.g., AWS, Azure, GCP)
Work location:
#LI-CK1