Cybersecurity Automation Specialist

Group Specialist - Cyber Engineering Automation

KEY ACCOUNTABILITIES:

• Design and implement automated workflows and playbooks across SOC, CSPM, VM, and IAM platforms.
• Integrate diverse tools such as Sentinel (SIEM/XDR), Wiz (CSPM/CNAPP), SailPoint (IAM), Check Point (EDR/DLP), and Zscaler (SSE) using APIs and event-driven automation.
• Build automation for incident response (IR), threat enrichment, user isolation, and ticketing workflows using SOAR and orchestration frameworks (e.g., Microsoft Sentinel Logic Apps, Cortex XSOAR, FortiSOAR, or custom Python-based frameworks).
• Develop and maintain cross-platform integrations between IT, OT, and Cloud security tools for unified visibility.
• Enable real-time telemetry ingestion and correlation using APIs, data pipelines, or event hubs.
• Create reusable automation modules and templates for consistent rollout across global regions.
• Automate cloud posture monitoring and remediation (Azure, AWS, GCP) using CSPM/CNAPP APIs

• Engineer infrastructure-as-code (IaC) security controls and guardrails using Terraform, Ansible, or ARM templates.

• Integrate automation into DevSecOps pipelines for continuous compliance, vulnerability scanning, and drift detection.

• Implement AI-driven response and enrichment playbooks for phishing, malware, and insider threat cases.

• Develop automation for threat intel enrichment (VirusTotal, MISP, Recorded Future, etc.) and ticket closure workflows (JIRA, ServiceNow).

• Continuously tune automation based on MITRE ATT&CK and MITRE ATLAS techniques.

  OTHER

• Act as an ambassador for DP World always when working; promoting and demonstrating positive behaviours in harmony with DP World’s Founder’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies

• Perform other related duties as assigned

QUALIFICATIONS, EXPERIENCE AND SKILLS:

• A Bachelor’s Degree in Computer Science, Engineering with 16+ years of relevant experience

• 7–12 years of cybersecurity or security engineering experience, with at least 3 years in security automation/SOAR engineering.

• Hands-on expertise with:

• SOAR platforms: Cortex XSOAR, FortiSOAR, Microsoft Sentinel Logic Apps, Splunk SOAR, or custom Python-based orchestration.

• Security APIs and scripting: Python, PowerShell, REST API, JSON, YAML.

• Cloud environments: Azure, AWS, GCP automation (Lambda, Logic Apps, Functions, EventHub).

• Infrastructure tools: Terraform, Ansible, Jenkins, GitHub Actions.

• Knowledge of security tools integration across SIEM, EDR/XDR, IAM, DLP, CSPM, CNAPP, CASB, and vulnerability scanners.

• Strong understanding of incident response, SOC processes, and MITRE ATT&CK frameworks.

• Proven track record of reducing manual operational workload via automation at scale.

Experience Level

Senior Level