Security Automation Engineer

Team: Delivery- Federal

Location: Portland, OR

Workplace Type: onsite

What You'll Do:

• Administer and maintain digital forensics platforms including FTK (Forensic Toolkit), Magnet AXIOM Cyber, FRED (Forensic Recovery of Evidence Device) systems, and related forensic investigation tools. Ensure platforms are properly licensed, updated, and available for incident response and investigation activities.
•  Manage and configure Cortex XSOAR (Security Orchestration, Automation and Response) platform including playbook development, integration configuration, incident automation workflows, and custom script development to enhance security operations efficiency.
•  Administer ExtraHop network detection and response (NDR) platform including sensor deployment, traffic analysis configuration, detection rule tuning, dashboard creation, and integration with SIEM and other security tools for comprehensive network visibility.
•  Apply configuration changes across other security infrastructure platforms ensuring changes are properly tested, documented, and implemented following change management procedures. Maintain configuration baselines and version control for all security tools.
•  Perform application-level patching and updates for security tools and platforms, coordinating maintenance windows, testing patches in non-production environments, and ensuring minimal disruption to security operations during update cycles.
•  Assist in the deployment of new security systems and capabilities including requirements gathering, solution design, hardware/software installation, integration with existing infrastructure, testing, and knowledge transfer to operations teams.
•  Monitor performance and health of security infrastructure using built-in monitoring tools, log analysis, and alerting mechanisms. Proactively identify and resolve performance bottlenecks, capacity issues, and potential system failures.
•  Provide technical support to security analysts and incident responders using security tools, troubleshooting tool-related issues, optimizing queries and workflows, and delivering training on tool capabilities and best practices.
•  Develop and maintain comprehensive technical documentation including standard operating procedures (SOPs), runbooks, configuration guides, architecture diagrams, troubleshooting guides, and system inventory records for all security infrastructure.
•  Manage integrations between security tools and platforms using APIs, webhooks, and connectors to enable data sharing, automated workflows, and unified security operations. Troubleshoot integration issues and optimize data flows.
•  Administer SIEM (Security Information and Event Management) platforms such as Splunk or similar tools including log source onboarding, parsing rule creation, correlation rule development, dashboard creation, and search optimization.
•  Maintain and update forensic workstations (FRED systems) including hardware maintenance, software updates, peripheral device management, and ensuring write-blockers and forensic acquisition tools are properly calibrated and functioning.

What You Have:

• Must be a U.S. citizen and be able to earn a government security clearance.
• Minimum of 6 years of experience in cybersecurity, security engineering, security operations, or related technical roles with hands-on experience administrations and configuration of enterprise security tools and infrastructure.
•  Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Computer Engineering, or related technical field. Equivalent experience may be considered.
•  Experience with digital forensics platforms such as FTK (Forensic Toolkit), Magnet AXIOM Cyber, EnCase, or similar tools. Understanding of forensic investigation processes and evidence handling procedures.
•  Experience administering security orchestration and automation platforms (SOAR) such as Cortex XSOAR, Splunk SOAR, Swimlane, or similar tools. Ability to develop and maintain automation playbooks and workflows.
•  Proficiency with network detection and response (NDR) or network traffic analysis tools such as ExtraHop, Darktrace, Corelight, Vectra, or similar platforms. Deep understanding of network protocols and traffic analysis techniques.
•  Strong experience with SIEM platforms (Splunk, LogRhythm, QRadar, ArcSight, Sentinel) including administration, log source management, correlation rule development, and search optimization.
•  Solid understanding of operating systems (Windows, Linux) including system administration, hardening, patching, and troubleshooting in enterprise environments.
•  Proficiency with scripting and automation languages such as Python, PowerShell, Bash, or similar for tool automation, integration development, and operational efficiency improvements.
•  Excellent troubleshooting and problem-solving skills with ability to diagnose complex technical issues across multiple platforms and work under pressure during incident response situations.
•  Effective communication skills with ability to collaborate with cross-functional teams, explain technical concepts to non-technical audiences, and work effectively in team environments.

Preferred Qualifications

• Prior experience working in federal government environments.
• Professional cybersecurity certifications such as CompTIA Security+, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Security Essentials (GSEC), or Certified Information Systems Security Professional (CISSP).
•  Experience with endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, SentinelOne, Microsoft Defender for Endpoint, or similar tools.
•  Experience with vulnerability management platforms such as Tenable Nessus, Qualys, Rapid7 InsightVM, or similar tools including scanner deployment, scan configuration, and vulnerability remediation tracking.
•  Understanding of malware analysis tools and techniques including sandboxing technologies, reverse engineering tools, and dynamic/static analysis platforms.
•   Experience working in Security Operations Centers (SOC) or incident response teams with understanding of security operations workflows, incident handling procedures, and escalation processes.
•   Knowledge of infrastructure as code (IaC) and configuration management tools such as Terraform, Ansible, Puppet, or Chef for automating security infrastructure deployment and configuration.

What We Offer:

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
• Medical, Dental, and Vision insurance (available on the 1st day of the month following your first day of employment)
• Group Term Life, Short-Term Disability, and Long-Term Disability
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
• Participation in the Discretionary Time Off (DTO) Program
• 11 Paid Holidays Annually