About The Role
• OK to work remotely
• Has experience building/using MCP servers
• Building/using agentic agents
• Sumo Logic experience is a must
• Experience with Terraform
• Strong coding experience
• Strong knowledge of GitHub and GitHub Actions workflows
• Strong knowledge of DaC (Detection as Code) frameworks
• Background in SOC operations
Security Automation Engineer (Sumo Logic)
The Security Automation Engineer (Sumo Logic) designs and implements automated solutions that improve the efficiency and effectiveness of security operations. This role focuses on integrating Sumo Logic into the broader detection, response, and monitoring ecosystem—reducing manual workloads, accelerating investigations, and strengthening the organization’s overall security posture.
Key Responsibilities
• Build and maintain automation workflows that streamline alert triage, enrichment, and incident response processes.
• Develop integrations between Sumo Logic, SOAR platforms, threat intelligence feeds, and ticketing systems (e.g., ServiceNow, Jira).
• Automate log ingestion, normalization, and correlation pipelines to support detection engineering.
• Create and optimize Sumo Logic searches, dashboards, and alerts for real-time monitoring and anomaly detection.
• Collaborate with the SOC and Incident Response teams to operationalize new detections and automate common investigative tasks.
• Develop scripts and APIs to pull context from external data sources (e.g., VirusTotal, AbuseIPDB, or internal CMDBs).
• Support continuous improvement of detection coverage and response workflows through automation metrics and feedback loops.
• Maintain strong documentation for all automation code, playbooks, and integrations.
Technical Skills
• Advanced experience with Sumo Logic (log pipelines, queries, scheduled searches, alert automation, API integrations).
• Strong scripting ability in Python and/or PowerShell for data manipulation and orchestration.
• Familiarity with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR, or ServiceNow Security Operations).
• Working knowledge of SIEM concepts — correlation rules, detection tuning, and data enrichment.
• Experience with cloud security monitoring (AWS CloudTrail, Azure Sentinel, GCP Security Command Center).
• Understanding of RESTful APIs and JSON-based automation workflows.
• Familiarity with threat intelligence platforms and how to integrate them into detection workflows.
• Knowledge of MITRE ATT&CK, NIST 800-61, and incident response automation best practices.
Nice to have: working knowledge of n8n, CrowdStrike Fusion workflows, and Sumo Logic's SOAR.
Principals only. Recruiters, please don't contact this job poster.