
Technical Lead – Cybersecurity
Posted 3 days ago

Posted 3 days ago
This is a fully remote position, open to applicants in Alabama.
• Take charge of designing and delivering security automation and orchestration solutions that enhance response times, consistency, and quality across security workflows.
• Create and sustain SOAR playbooks for alert triage, enrichment, containment, and remediation processes.
• Develop and oversee automation integrations with security tools (SIEM, EDR/XDR, IAM, ticketing, vulnerability management, cloud security) utilizing APIs, webhooks, and event-driven architectures.
• Construct reusable automation components (scripts, libraries, templates) with robust error handling, retries, logging, and observability.
• Work closely with SOC analysts and Incident Response teams to convert procedures into automated runbooks, ensuring safe execution with necessary approval gates.
• Design automation with a focus on governance: implementing role-based access controls, change management, audit trails, and comprehensive documentation.
• Collaborate with engineering and infrastructure teams to automate security controls and guardrails (policy-as-code, compliance checks, hardening, configuration drift remediation).
• Enhance incident response by creating rapid automation for containment and evidence collection, ensuring adherence to chain-of-custody and logging requirements.
• Minimum of 3 years' experience in automation engineering, security engineering, security operations engineering, or a similar field.
• Proficient in at least one scripting/programming language (Python preferred; PowerShell or JavaScript are also acceptable).
• Familiarity with Automation and Orchestration tools such as Ansible, Itential, Aria Orchestrator, or similar products.
• Practical experience in designing and implementing automation using APIs (REST/JSON), webhooks, and various authentication methods (OAuth2, tokens, mutual TLS).
• Understanding of SIEM concepts (log ingestion, correlation, queries) and SOC processes (triage, escalation, incident handling).
• Strong grasp of essential security domains: IAM, endpoint security, network security, vulnerability management, and cloud security fundamentals.
• Experience with Git-based workflows and software engineering principles (code review, branching strategies, testing).
• Capability to clearly document solutions (runbooks, diagrams, operating procedures) and communicate effectively with both technical and non-technical stakeholders.
• Health insurance
• Retirement plans
• Paid time off
• Flexible work arrangements
• Professional development
CrowdStrike
ESA - Electronic Security Association
DKB Code Factory GmbH
Aledade, Inc.
Get handpicked remote jobs straight to your inbox weekly.