our company MDR delivers 24x7x365 managed detection and response services, protecting customer data through advanced detection, investigation, and response at scale.
We are seeking an MDR Security Engineer to own and scale the automation layer that powers our global MDR operations. This role is responsible for building and operating production-grade automation systems that reduce manual workload, improve detection quality, and enable consistent, high-quality incident response.
The ideal candidate is a hands-on engineer with strong experience in SOAR platforms, security operations, and automation design, capable of driving measurable improvements in efficiency, reliability, and response outcomes across a high-volume SOC environment.
Responsibilities
Upkeep the design, development, and lifecycle of SOAR playbooks, workflows, and integrations across the MDR platform
Build and operate production-grade automation systems supporting alert triage, enrichment, investigation, and response
Define and drive automation strategy by identifying high-impact, high-volume SOC processes and scaling them through automation
Develop integrations across SIEM, EDR/XDR, identity, cloud, and ticketing systems using APIs and scripting
Partner with MDR analysts, IR, threat hunters, and engineering teams to translate operational workflows into scalable automation
Improve detection and response quality through automation of enrichment, investigation, and containment workflows
Contribute to incident response and RCAs by delivering tooling that improves investigation speed, accuracy, and consistency
Evaluate and implement new automation capabilities, including AI-assisted workflows and data-driven decisioning
Monitoring, Metrics & Reliability Ownership
Define and own automation KPIs, including:
Automation coverage (% of alerts handled or augmented)
MTTD / MTTR improvement
False positive reduction and signal-to-noise improvement
Analyst time saved and throughput increase
Build and maintain dashboards and reporting to measure automation impact on SOC performance and SLAs
Ensure production reliability and stability of automation systems, including:
Monitoring workflow success/failure rates and execution latency
Tracking integration and API health, errors, and retry behavior
Implementing logging, alerting, and observability across automation pipelines
Continuously optimize workflows based on data, feedback, and operational performance to ensure consistent 24/7 MDR operation.
Requirements: 4+ years of experience in Security Operations, MDR, Incident Response, or Security Engineering
2-3+ years of hands-on experience with SOAR platforms and security automation
Proven experience owning and operating production-grade automation workflows in a SOC/MDR environment
Strong understanding of SOC operations, alert triage, escalation workflows, and incident response
Experience with enterprise security technologies (SIEM, SOAR, EDR/XDR, IAM/AD)
Strong scripting/development skills (Python, PowerShell, Bash) and experience building APIs and integrations
Experience with CI/CD, version control (Git), and deploying automation at scale
Strong analytical thinking and problem-solving skills with the ability to translate complex workflows into automation
Excellent communication and collaboration skills across engineering and operations teams
Nice to Have
Experience with AI-enhanced automation or large-scale workflow orchestration
Experience in high-volume MDR/SOC environments
Familiarity with threat hunting or detection engineering
What Success Looks Like
Increased automation coverage across MDR workflows
Measurable reduction in analyst workload and response times
Improved consistency and quality of incident response
Stable, reliable automation systems operating at scale.
This position is open to all candidates.