Technical Lead-Cybersecurity
Birlasoft · Alpharetta, GA · 5 days ago
EngineeringFull-time
Key Responsibilities
- Own the design and delivery of security automation and orchestration capabilities that improve response time, consistency, and quality across security workflows.
- Develop and maintain SOAR playbooks for alert triage, enrichment, containment, and remediation.
- Create and manage automation integrations with security tooling (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) using APIs, webhooks, and event-driven architectures.
- Build reusable automation components (scripts, libraries, templates) with appropriate error handling, retries, logging, and observability.
- Collaborate with SOC analysts and Incident Response to translate procedures into automated runbooks; ensure safe execution with approval gates where needed.
- Design automation with governance: role-based access controls, change management, auditability, and documentation.
- Partner with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation).
- Support incident response by developing rapid automation for containment and evidence collection (while maintaining chain-of-custody and logging requirements).
Required Qualifications
- Demonstrate strong automation engineering skills, comfort working with APIs and distributed systems, and practical security knowledge relevant to modern enterprise environments.
- 3+ years of experience in automation engineering, security engineering, security operations engineering, or a related role.
- Proficiency in at least one scripting/programming language (Python preferred; PowerShell, or JavaScript).
- Hands-on experience designing and implementing automation using APIs (REST/JSON), webhooks, and authentication methods (OAuth2, tokens, mutual TLS).
- Working knowledge of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling).
- Strong understanding of core security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals.
- Experience with Git-based workflows and software engineering practices (code review, branching strategies, testing).
- Ability to document solutions clearly (runbooks, diagrams, operating procedures) and communicate effectively with technical and non-technical stakeholders.
Preferred Qualifications And Technical Skills
- Experience with vulnerability management automation (ticketing workflows, remediation tracking, exception handling, SLA reporting).
- Cloud platform experience (AWS, Azure, and/or GCP), including security services and identity models.
- Container and Kubernetes security familiarity.
- Experience integrating with EDR/XDR tools and automating response actions (isolation, kill process, quarantine).
- Familiarity with ITSM and workflow tools (ServiceNow, Jira) and structured change management.