The Role
The Automation Engineer will design, develop, and maintain automation workflows for incident response, integrating Microsoft Sentinel with security tools, and ensure compliance and effectiveness of automated processes.
cFocus Software seeks an Automation Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance.
Qualifications:
- Active Public Trust clearance
- B.S. Computer Science, Information Technology, or a related field
- 5+ years of experience in cybersecurity engineering, automation, or SOAR development
- Hands-on experience with Microsoft Sentinel and Azure Logic Apps
- Experience integrating Microsoft Defender XDR (Endpoint, Identity, Cloud)
- Strong scripting skills (Python, PowerShell, or similar)
- Experience with API integrations and automation frameworks
- Knowledge of incident response workflows and SOC operations
- Understanding of MITRE ATT&CK and detection engineering
- Experience with cloud environments (Azure, AWS)
- Preferred certifications include but are not limited to:
  - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications
  - Microsoft Sentinel or Microsoft security platform certifications
  - Relevant cloud security certifications (e.g., AWS security)
  - Privacy certifications (e.g., CIPP/US, CIPM) where applicable
Duties:
- Design, develop, and maintain SOAR playbooks using Microsoft Sentinel (Logic Apps)
- Automate incident response workflows (phishing, malware containment, credential compromise, endpoint isolation)
- Integrate Sentinel with Microsoft Defender XDR and other security tools (identity, endpoint, network, cloud)
- Develop custom automation workflows and enrichment pipelines
- Ensure automation aligns with Sentinel data model and schema normalization requirements
- Maintain audit logging, chain-of-custody, and compliance controls within automated workflows
- Support automation for alert triage, ticketing, and escalation processes
- Perform continuous improvement of playbooks based on incident trends and threat intelligence
- Provide quarterly tabletop exercises and playbook validation
- Develop reporting on automation effectiveness (MTTD, MTTR improvements)
- Collaborate with SOC analysts and engineers to operationalize automation use cases
The Company
What We Do
Established in 2006, cFocus Software automates FedRAMP compliance and develops government chatbots for the Azure Government Cloud, Office 365, and SharePoint. cFocus Software is the exclusive vendor of ATO (Authority To Operate) as a Service™, which automates FedRAMP compliance for the Azure Government Cloud and Office 365. Contact Us for a demo of ATO as a Service™ or a FREE government chatbot proof of concept project today!








