CEDENT- Cyber Detection & Automation Engineer (WA)

Job description:

• Design, implement and automate high-fidelity detection rules using SIEM, EDR, and other telemetry sources (e.g. Sentinel, Defender, AWS, etc.) to improve efficiency and accuracy.

• Monitor and tune alerts to reduce false positives and improve signal-to-noise ratio.

• Regularly test and validate detection content to ensure its effectiveness and accuracy.

• Create documentation and knowledge transfer materials for detections and engineering processes.

• Perform gap analysis and continuously improve detection coverage, accuracy, and resilience.

• Design and develop security automations workflows using SOAR (Security Orchestration, Automation, and Response) primarily using Microsoft Sentinel/Logic Apps.

• Build and maintain custom integrations with SIEM, EDR, Threat Intel feeds, ticketing systems, and other SOC tools.

• Automate repetitive SOC tasks such as alert triage, enrichment, IOC lookups, and ticket creation.

• Develop dashboards or utilities to improve visibility and operational insights into SOC metrics.

• Collaborate with security operations center analysts & threat intelligence to stay ahead of evolving adversary tactics (MITRE ATT&CK-based).

• Create and update relevant runbooks, playbooks and other necessary documentation around detection rules and attacker TTP's.

• Prepare and present detailed reports on detection/automation activities, findings, and improvements to senior management.

Qualifications:

• Bachelor’s degree in cybersecurity, computer science, information technology, or related field.

• 5+ years in cybersecurity, with 3+ years specifically in detection and automation engineering.

• Proficiency in writing detection logic using KQL, SPL or other relevant query languages.

• Experience with query languages such as KQL, SPL and scripting languages (Bash, PowerShell, Python, JavaScript)

• Proficient in developing automations using SOAR platforms, specifically Microsoft Sentinel/Logic Apps

• Understanding of SOC operations, incident response workflows, and threat detection techniques.

• Experience with RESTful APIs and integration of third-party tools. • Experience building advanced analytics (ML) and developing AI agents/tools • Experience in a cloud-first or hybrid cloud environment (preferably AWS and Azure).

• Strong, practical knowledge of the MITRE ATT&CK framework, and how to map adversary behaviors to telemetry for detection design.

• Deep understanding of attacker TTPs, threat modeling, and detection methodologies.

• Familiarity with version control (Git), CI/CD pipelines, and infrastructure as code concepts.

• Experience in using security orchestration, automation, and response tools. • Strong analytical skills to analyze large volumes of data and identifying potential threats, patterns.

• The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.

• Relevant certifications such as:

o Microsoft SC-200, Azure Security Engineer Associate

o AWS Certified Security – Specialty

o GIAC (GCIA, GCTI, GDAT), CISSP, or CISM

Department: Preferred Vendors
This is a contract position

Visit Careers at CEDENT

Subscribe to be notified of new jobs

Personal Information

* First name
* Last name
* Email
Address
* City
State
Zip code
* Phone number

Attachments

Attach a Cover letter Upload file

Attach

Other Information

How did you hear about this position? * Your Legal Work Authorization in the US? * Are you currently employed? * Will you be able to join us on our W-2? * What is your desired salary / hourly rate? * If on a Visa, will you be able to transfer your Work Visa to us? * What is your motivation for Change/New Job Opportunity? * If Currently working, what is your Notice period? * What is your current location? * Are you ready to relocate? * Can you provide proof of legal right to work in the United States? * if Hired when will you be able to start?