Sr Detection & Automation Engineer
Northwestern Mutual
What's the role?
Are you passionate about cybersecurity and eager to lead a team in protecting an organization from cyber threats? We are looking for a Senior Detection & Automation Engineer to join our Enterprise Cybersecurity team. In this role, you will develop and maintain security automation playbooks, keep our detection systems effective, manage security tools and infrastructure, design efficient automation processes, and lead blue team exercises.
Primary Duties & Responsibilities
Leadership: The Senior Detection & Automation Engineer is a leader within Enterprise Cybersecurity and is expected to guide and mentor more junior members. This includes overseeing the work performed by junior engineers, mentoring their technical education, and freely sharing knowledge and testing techniques.
Security Detection Engineering: Prioritizes and builds detection rules for the SIEM platform to identify malicious activities based on knowledge of the inner workings of cyber-attacks. Develops, maintains, and ensures the proper documentation of detection logic, rules, and alerts. Enhances and improves data quality from external sources in the SIEM by understanding the current best state of detection engineering and integration practices.
Blue Team: Accountable for assisting in the design and implementation of blue team exercises including independently leading components of the exercise.
Security Research: Accountable for regularly monitoring the security community for, and researching, the latest assessment and exploit methodologies, and for sharing what is learned back to the team in the form of newly written tools and/or attack techniques via informal internal training sessions.
Reporting: Accountable for preparing and delivering the highest quality security information that comprehensively and clearly explains risk, demonstrates findings, and offers tactical and strategic recommendations to both technical and non-technical internal clients.
Communication: Effective and professional communication of a variety of topics, including technical and non-technical information, to a wide variety of internal and external customers including leadership from across the organization.
Ad Hoc Incidents: Accountable for working with the security operations center, incident responders, and technology infrastructure and development teams as necessary.
Metrics: Accountable for working with select team members to track, monitor, and report testing results in a meaningful way so that risk-based security metrics are delivered to the enterprise.
Training: Attend training to stay current with technology and security trends. Incorporates learnings from training to improve organizational technology and processes.
Perform other duties as assigned.
Qualifications
Educational Background: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field. A master's degree is a plus.
Splunk or SIEM Related Systems: Proficiency in using Splunk or other SIEM platforms is essential. This includes the ability to create, manage, and optimize detection rules and alerts within these systems.
Understanding of Logs: Strong understanding of logs and log formats, including how logs flow through various systems. Ability to filter, transform, and normalize data to enrich it for use in cybersecurity alerts and reports.
Incident Response Experience: Experience in incident response is highly preferred. This includes the ability to quickly identify, analyze, and respond to security incidents.
System Administration Experience: Experience as a system administrator is highly preferred. This includes a deep understanding of operating systems, network configurations, and security controls.
GitLab: Proficiency with GitLab for version control and CI/CD pipeline management. Ability to automate and streamline detection engineering processes using GitLab.
Python: Strong programming skills in Python for scripting and automation tasks. Ability to develop custom scripts to enhance detection capabilities and integrate various security tools.
Detection Engineering: Ability to build and prioritize detection rules in SIEM platforms to identify malicious activities. Develop, maintain, and document detection logic, rules, and alerts.
Data Quality Enhancement: Ability to enhance and improve data quality from external sources in the SIEM by understanding current best practices in detection engineering and integration.
Communication Skills: Effective and professional communication skills for conveying technical and non-technical information to a wide variety of internal and external customers, including organizational leadership.
Security Research: Ability to regularly monitor the security community for the latest assessment and exploit methodologies. Share findings with the team through newly written tools and/or attack techniques.
Blue Team Exercises: Experience in designing and implementing blue team exercises, including independently leading components of these exercises.
Reporting: Ability to prepare and deliver high-quality security information that clearly explains risks, demonstrates findings, and offers tactical and strategic recommendations.
Metrics Tracking: Ability to track, monitor, and report testing results meaningfully, delivering risk-based security metrics to the enterprise.
Continuous Learning: Commitment to attending training to stay current with technology and security trends. Ability to incorporate learnings to improve organizational technology and processes.
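To make the "Understanding of Logs", "Detection Engineering" and "GitLab" qualifications above concrete, here is an added illustration of detection-as-code in Python. It is example code written for this page, not Northwestern Mutual's tooling or rule set. It normalizes two constructed log formats (a JSON auth service and a key=value appliance) onto one schema, runs a rule over the normalized events, and returns its results from functions so a CI job can assert on them. The ECS-style field names, the sample log lines, and the rule thresholds are all assumptions chosen for the example.

```python
"""Detection-as-code sketch: normalize raw logs, run a rule, return testable results.

Added example for this page; not production code. Field names follow an
ECS-like convention (an assumption), and all log lines below are constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not real telemetry). Two producers, two formats.
# Line 8 is deliberately malformed to exercise the parser's failure path.
RAW_LOGS = [
    '{"ts":"2024-05-01T10:00:01Z","event":"login","result":"fail","user":"alice","src":"203.0.113.7"}',
    '{"ts":"2024-05-01T10:00:03Z","event":"login","result":"fail","user":"bob","src":"203.0.113.7"}',
    'time=2024-05-01T10:00:05Z action=auth status=failure username=carol client_ip=203.0.113.7',
    'time=2024-05-01T10:00:06Z action=auth status=failure username=dave client_ip=203.0.113.7',
    'time=2024-05-01T10:00:09Z action=auth status=success username=erin client_ip=203.0.113.7',
    '{"ts":"2024-05-01T10:00:10Z","event":"login","result":"fail","user":"alice","src":"198.51.100.9"}',
    '{"ts":"2024-05-01T10:00:11Z","event":"login","result":"success","user":"alice","src":"198.51.100.9"}',
    'this line has no recognisable structure at all',
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps both producers emit."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Map one raw line onto the common schema, or return None if it cannot be
    parsed. Returning None (instead of a half-filled event) keeps malformed or
    irrelevant lines from silently matching or suppressing a rule."""
    line = line.strip()
    if line.startswith("{"):
        try:
            d = json.loads(line)
        except json.JSONDecodeError:
            return None
        if d.get("event") != "login" or not {"ts", "result", "user", "src"} <= d.keys():
            return None
        return {
            "@timestamp": parse_ts(d["ts"]),
            "event.outcome": "failure" if d["result"] == "fail" else "success",
            "user.name": d["user"],
            "source.ip": d["src"],
        }
    kv = dict(KV_RE.findall(line))
    if kv.get("action") != "auth" or not {"time", "status", "username", "client_ip"} <= kv.keys():
        return None
    return {
        "@timestamp": parse_ts(kv["time"]),
        "event.outcome": "success" if kv["status"] == "success" else "failure",
        "user.name": kv["username"],
        "source.ip": kv["client_ip"],
    }


def detect_spray_then_success(events, window_s=60, min_failures=3, min_users=2):
    """Rule: a successful logon from a source IP that, within the preceding
    window, produced at least min_failures failed logons spread over at least
    min_users distinct accounts (password spraying that found a valid credential,
    MITRE ATT&CK T1110). Thresholds are example values, not tuned guidance."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["source.ip"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["@timestamp"])
        for i, e in enumerate(evs):
            if e["event.outcome"] != "success":
                continue
            start = e["@timestamp"] - timedelta(seconds=window_s)
            prior = [p for p in evs[:i]
                     if p["event.outcome"] == "failure" and p["@timestamp"] >= start]
            users = {p["user.name"] for p in prior}
            if len(prior) >= min_failures and len(users) >= min_users:
                alerts.append({
                    "rule": "spray_then_success",
                    "technique": "T1110",
                    "source.ip": src,
                    "compromised_user": e["user.name"],
                    "failed_attempts": len(prior),
                    "targeted_users": sorted(users),
                })
    return alerts


def run_detection(raw_lines):
    """Normalize, run the rule, and report how many lines were dropped.
    A rising drop count is itself a data-quality signal worth alerting on."""
    events, dropped = [], 0
    for line in raw_lines:
        ev = normalize(line)
        if ev is None:
            dropped += 1
        else:
            events.append(ev)
    return detect_spray_then_success(events), dropped


if __name__ == "__main__":
    found, skipped = run_detection(RAW_LOGS)
    print(f"{len(found)} alert(s), {skipped} line(s) dropped")
    for a in found:
        print(a)
```

Because `run_detection` returns its alerts and drop count rather than only printing them, a GitLab CI job can import this module and assert on the expected outcome for a fixed corpus of sample logs, which is what makes a detection rule reviewable and regression-tested like any other code.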
Preferred Qualifications
- Experience teaching security concepts (web, mobile, or infrastructure/network).
- Formal software development experience with one or more programming languages such as Python, JavaScript, Java, Ruby, Go, PowerShell, Bash, C#, C/C++, etc.
- Experience automating Amazon Web Services (AWS) and/or Microsoft Azure platform infrastructure, preferably within an Agile/DevOps operating model.
- Proven people leadership skills including the ability to manage small teams and small projects.
- Ability to be a leader in the security industry, demonstrated by organizing and/or contributing to conferences by giving talks.
#LI-Hybrid
Compensation Range:
Pay Range - Start: $112,210.00
Pay Range - End: $208,390.00
Geographic Specific Pay Structure:
Structure 110: $123,410.00 USD - $229,190.00 USD
Structure 115: $129,010.00 USD - $239,590.00 USD
We believe in fairness and transparency. It's why we share the salary range for most of our roles. However, final salaries are based on a number of factors, including the skills and experience of the candidate; the current market; location of the candidate; and other factors uncovered in the hiring process. The standard pay structure is listed, but if you are living in California, New York City or another eligible location, geographic specific pay structures, compensation and benefits could be applicable.
Grow your career with a best-in-class company that puts our clients' interests at the center of all we do. Get started now!
Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.