Security Engineer

Position Title: Security Operations Engineer
Reports To: Director of Security Operations

Security Operations Engineer is a technical subject matter expert responsible for executing key functions of CDK's Security Monitoring and Response strategy with an automation first mindset. This individual plays a key technical role in our Security Operations organization and enables effective incident response via automated workflows and efficient threat detection content.

Key Responsibilities

• Technical Leadership:
• Exemplify security principles and culture
• Develop, implement, and tune automation playbooks that enable incident response
• Effectively partner across security, technology, and business teams
• Provide technical leadership to the security operations team
• Develop effective metrics and use them to drive meaningful improvements
• Automated Detection & Response
• Work with security operations team members to identify response actions which can be automated to drive efficiency throughout response
• Build automation workflows to contribute to auditable and efficient incident response
• Drive continuous improvement in CDK's detection capability using automation, threat and anomaly detection, coverage assurance, and external threat intelligence
• Build threat detection queries based on attacker techniques and threat intelligence
• Support and tune threat detection content and automation workflows based on metrics and security operations feedback
• Incident Response:
• Develop incident response playbooks and drive response playbook automation, regularly test playbook effectiveness and drive improvement
• Lead response to medium or higher criticality impact security incidents in accordance with the incident response plan, and effectively coordinate with internal and external parties
• Effectively triage and identify root cause of security alerts and incidents
• Serve as a technical leader for significant security incidents
• Assure 24x7x365 incident response coverage and escalation processes
• Regularly update the list of likely security incident scenarios using external threat intelligence, collaboration with internal technology teams, and other data sources
• Security Posture Improvement
• Use offensive security techniques and exercises to identify detection and response gaps and drive remediation
• Regularly practice incident response plans and procedures in collaboration with internal and external stakeholders

Education
Required Qualifications:

• Bachelor's degree in computer science, information security, or an equivalent experience

Experience

• Minimum of 6 years in cybersecurity, with at least 3 years in a developer role
• Expert technical expertise in python, javascript, and powershell
• Experience building SOAR workflows
• Experience building and tuning threat detection content
• Experience leading the response to enterprise security alerts and incidents
• Strong background in security monitoring, automation, and incident response, preferably in a complex SaaS environment
• Experience with SIEM tools, process automation, cloud environment monitoring, IDS/IPS, firewalls, EDR solutions, MDR/MSSP providers

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.