Group Senior Specialist - Cybersecurity automation

Job details

Design and implement automated workflows and playbooks across SOC, CSPM, VM, and IAM platforms.
Integrate diverse tools such as Sentinel (SIEM/XDR), Wiz (CSPM/CNAPP), SailPoint (IAM), Check Point (EDR/DLP), and Zscaler (SSE) using APIs and event-driven automation.
Build automation for incident response (IR), threat enrichment, user isolation, and ticketing workflows using SOAR and orchestration frameworks (e.g., Microsoft Sentinel Logic Apps, Cortex XSOAR, FortiSOAR, or custom Python-based frameworks).
Microsoft XDR / EDR / Defender for Identity + O365 + Entra ID
Develop and maintain cross-platform integrations between IT, OT, and Cloud security tools for unified visibility.
Enable real-time telemetry ingestion and correlation using APIs, data pipelines, or event hubs.
Create reusable automation modules and templates for consistent rollout across global regions.

Automate cloud posture monitoring and remediation (Azure, AWS, GCP) using CSPM/CNAPP APIs.
Engineer infrastructure-as-code (IaC) security controls and guardrails using Terraform, Ansible, or ARM templates.
Integrate automation into DevSecOps pipelines for continuous compliance, vulnerability scanning, and drift detection.
Implement AI-driven response and enrichment playbooks for phishing, malware, and insider threat cases.
Develop automation for threat intel enrichment (VirusTotal, MISP, Recorded Future, etc.) and ticket closure workflows (JIRA, ServiceNow).
Continuously tune automation based on MITRE ATT&CK and MITRE ATLAS techniques.

OTHER

Act as an ambassador for DP World always when working; promoting and demonstrating positive behaviors in harmony with DP World’s Founder’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies
Perform other related duties as assigned

QUALIFICATIONS, EXPERIENCE AND SKILLS

A Bachelor’s Degree in Computer Science, Engineering with 16+ years of relevant experience
7–12 years of cybersecurity or security engineering experience, with at least 3 years in security automation/SOAR engineering.
Hands-on expertise with:
SOAR platforms: Cortex XSOAR, FortiSOAR, Microsoft Sentinel Logic Apps, Splunk SOAR, or custom Python-based orchestration.
Security APIs and scripting: Python, PowerShell, REST API, JSON, YAML.
Cloud environments: Azure, AWS, GCP automation (Lambda, Logic Apps, Functions, EventHub).
Infrastructure tools: Terraform, Ansible, Jenkins, GitHub Actions.
Knowledge of security tools integration across SIEM, EDR/XDR, IAM, DLP, CSPM, CNAPP, CASB, and vulnerability scanners.
Strong understanding of incident response, SOC processes, and MITRE ATT&CK frameworks.
Proven track record of reducing manual operational workload via automation at scale.

#L1-MP1