Group Specialist - Cyber Engineering Automation

Key Accountabilities

JOB DESCRIPTION

• Design and implement automated workflows and playbooks across SOC, CSPM, VM, and IAM platforms.
• Integrate diverse tools such as Sentinel (SIEM/XDR), Wiz (CSPM/CNAPP), SailPoint (IAM), Check Point (EDR/DLP), and Zscaler (SSE) using APIs and event-driven automation.
• Build automation for incident response (IR), threat enrichment, user isolation, and ticketing workflows using SOAR and orchestration frameworks (e.g., Microsoft Sentinel Logic Apps, Cortex XSOAR, FortiSOAR, or custom Python-based frameworks).
• Develop and maintain cross-platform integrations between IT, OT, and Cloud security tools for unified visibility.
• Enable real-time telemetry ingestion and correlation using APIs, data pipelines, or event hubs.
• Create reusable automation modules and templates for consistent rollout across global regions.
• Automate cloud posture monitoring and remediation (Azure, AWS, GCP) using CSPM/CNAPP APIs
• Engineer infrastructure-as-code (IaC) security controls and guardrails using Terraform, Ansible, or ARM templates.
• Integrate automation into DevSecOps pipelines for continuous compliance, vulnerability scanning, and drift detection.
• Implement AI-driven response and enrichment playbooks for phishing, malware, and insider threat cases.
• Develop automation for threat intel enrichment (VirusTotal, MISP, Recorded Future, etc.) and ticket closure workflows (JIRA, ServiceNow).
• Continuously tune automation based on MITRE ATT&CK and MITRE ATLAS techniques.
  
  

• Act as an ambassador for DP World always when working; promoting and demonstrating positive behaviours in harmony with DP World’s Founder’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies
• Perform other related duties as assigned
  
  

• A Bachelor’s Degree in Computer Science, Engineering with 16+ years of relevant experience
• 7–12 years of cybersecurity or security engineering experience, with at least 3 years in security automation/SOAR engineering.
• Hands-on expertise with:
• SOAR platforms: Cortex XSOAR, FortiSOAR, Microsoft Sentinel Logic Apps, Splunk SOAR, or custom Python-based orchestration.
• Security APIs and scripting: Python, PowerShell, REST API, JSON, YAML.
• Cloud environments: Azure, AWS, GCP automation (Lambda, Logic Apps, Functions, EventHub).
• Infrastructure tools: Terraform, Ansible, Jenkins, GitHub Actions.
• Knowledge of security tools integration across SIEM, EDR/XDR, IAM, DLP, CSPM, CNAPP, CASB, and vulnerability scanners.
• Strong understanding of incident response, SOC processes, and MITRE ATT&CK frameworks.
• Proven track record of reducing manual operational workload via automation at scale.