Sr. Security Engineer I
Yum!
- Employment: Full-time
- Seniority: Senior
About the role
The Security Automation Engineer (L8) is a senior individual contributor responsible for designing, building, and optimizing automation solutions across Yum’s cybersecurity ecosystem. This role focuses on improving detection and response capabilities, reducing manual intervention, and enhancing operational efficiency through scalable, code-driven solutions. At this level, the engineer operates independently on complex assignments, contributes to improving existing processes and tools, and serves as a technical resource within the team. The role requires strong hands-on expertise in security tooling, automation frameworks, and incident response workflows, with increasing ownership of end-to-end automation initiatives.
Key Responsibilities
• Design and implement security automation workflows for alert ingestion, enrichment, triage, and response
• Develop scripts and playbooks to reduce manual effort and improve incident response efficiency
• Integrate SIEM, SOAR, and security tools with case management and ticketing systems
• Enhance detection capabilities by incorporating threat intelligence into pipelines
• Support detection rule lifecycle management including tuning, validation, and deployment
• Troubleshoot and optimize automation processes to reduce false positives and improve signal quality
• Collaborate with SOC, Security Engineering, and IT teams to translate requirements into automation solutions
• Contribute to development of automation standards, documentation, and runbooks
• Identify opportunities to improve processes, tooling, and detection coverage
• Act as a technical resource and provide guidance to less experienced team members
Required Skills
• Strong experience in security automation, detection engineering, or SOC operations
• Hands-on experience with SIEM platforms and alerting frameworks
• Proficiency in scripting/programming (e.g., Python, PowerShell)
• Experience integrating systems via APIs and automation pipelines
• Understanding of cybersecurity frameworks (e.g., MITRE ATT&CK)
• Knowledge of incident response processes and threat detection methodologies
• Strong analytical and problem-solving skills
• Ability to independently execute on complex technical tasks
Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field
• 5–8 years of experience in cybersecurity, security engineering, or related discipline
• Experience working in a Security Operations Center (SOC) or similar environment
• Familiarity with SOAR platforms and automation playbooks
• Experience with cloud environments (AWS, Azure, or GCP) preferred
• Knowledge of Infrastructure as Code (e.g., Terraform, Ansible) preferred
• Relevant certifications (e.g., Security+, GIAC, CISSP – Associate or progress toward certification) preferred
Key Performance Indicators (KPIs)
• Short-Term Outcomes (3–6 months)
  • Automate ≥20–30% of repetitive SOC workflows or alert triage tasks
  • Reduce average incident triage time by 15–25% through automation enhancements
  • Successfully deploy 3–5 new automation playbooks integrated with SIEM/SOAR tools
  • Improve alert enrichment coverage to ≥80% of prioritized use cases
• Long-Term Outcomes (6–12+ months)
  • Reduce false positive rate in key detection pipelines by 25–40%
  • Increase automated incident response coverage to ≥50% of common use cases
  • Achieve measurable reduction in Mean Time to Respond (MTTR) by 20–30%
  • Expand detection coverage aligned to MITRE ATT&CK across critical threat vectors
• Functional Excellence Metrics
  • Technical Delivery
    • Automation reliability ≥95% success rate across workflows
    • Number of scalable automation solutions adopted across teams
  • Operational Efficiency
    • Reduction in manual workload hours for SOC analysts
    • Number of integrations implemented across security tools and platforms
  • Collaboration & Influence
    • Stakeholder satisfaction with automation solutions and responsiveness
    • Contributions to documentation, standards, and team knowledge sharing
• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field with 8-10 years of relevant experience