Security Automation Engineer jobs in United States

Bespin Global US · 3 weeks ago

Security Automation Engineer

Bespin Global is a top global cloud MSP recognized in the Gartner Magic Quadrant for 8 consecutive years. They are seeking a mid to senior-level Security Automation Engineer to automate security event analysis and respond to incidents, contributing to service development and delivery in a remote U.S. team.

Analytics, Cloud Data Services, Cloud Management, Infrastructure

Responsibilities

Create tools that automate the analysis and detection of security events using tooling inside/outside of SOAR/SIEM/CNAPP/EDR platforms
Monitor security events and respond to security incidents in client environments working with other Bespin and partner engineers
Research and implement new product and services capabilities
Programmatically automate frequently encountered SOC workflows
Assist with customer onboarding into our managed security platform

Qualification

Security Automation, Python, Cloud Security, SOC/SIEM/SOAR tools, Terraform, Data Engineering, Collaborative development, Customer-facing experience, Communication

Required

A minimum of 5 years of experience as a Security, Software, or Cloud Engineer with hands-on operational experience in at least one major cloud provider
Solid development skills in at least one programming language (Python preferred) for security automation and integration
Operational experience in troubleshooting log ingestion and evaluating data sources for actionable events and IOCs across multiple layers of the application, infrastructure, identity, and network stack
Fluency with collaborative development practices (branching, tagging, code review) using GitHub, GitLab, or Azure DevOps
Excellent communication skills and the independence necessary to work asynchronously in a startup environment with members working across multiple U.S., Canada and international time zones
Authorized to work in the United States & Canada

Preferred

Experience with multiple SOC/SIEM/SOAR tools and security platforms (e.g., Splunk, Chronicle, SentinelOne, Elastic Security/Kibana, SumoLogic, or CrowdStrike) working in an internal SOC or MDR provider
Practical hands-on experience with third-party Cloud Security SaaS tools (Wiz, Orca, CrowdStrike, Lacework, Prisma Cloud, Tenable, etc.) and/or native provider tools such as KMS, GuardDuty, IAM, Google Security Command Center, etc.
Experience with a workflow engine such as n8n, Tines, or Temporal
Strong data engineering skills and experience building and running high-volume event ingestion pipelines
Experience with Terraform or other IaC tools as a means for implementing and enforcing cloud security best practices
Google Cloud certification (e.g., Professional Cloud Security Engineer) or equivalent experience, with AWS or Azure security certifications. Additional security certifications (Security+, GCIH, CEH, CISSP)
Previous customer-facing experience in consulting or managed services

Company

Bespin Global US

Bespin Global US is a cloud management company that provides cloud migration, data analysis, and application development services.