We are looking for a highly skilled Detection & Automation Engineer to act as the technical cornerstone of our newly expanding 24/7 Security Operations Center. In this role, you will lead detection engineering across our corporate environment, our large-scale cloud infrastructure, and our core product telemetry, while playing a pivotal role in evaluating, deploying, and building out our first SOAR platform.
If you are an action-oriented builder who loves writing high-fidelity detection rules, integrating APIs, automating manual SecOps tasks, and architecting data pipelines from the ground up, this role is for you.
Responsibilities
- Drive SOAR Implementation: Lead the POC, selection, and deployment of a modern SOAR platform. Build the API connectors and Python-based playbooks that automate alert triage and incident containment.
- Own the SIEM: Lead data ingestion, parsing, and CIM mapping for our corporate infrastructure, cloud, and product telemetry.
- AI-Driven Automation: Integrate AI and LLM capabilities into SOAR workflows and automation scripts to accelerate alert triage, summarize complex threat data, and streamline incident response.
- Advanced Detection Engineering: Translate complex threat intelligence and third-party IR logic into native, high-fidelity alerts inside the SIEM and application logging platforms.
- Continuous Tuning: Work closely with the SecOps analysts in a continuous feedback loop to tune out false positives and keep alert fatigue to a minimum.
- Architectural Integration: Ensure seamless log flow and webhook integrations between infrastructure, the SIEM, and the rest of our security stack.
Skills Required
- 3+ years of hands-on experience in Detection Engineering, SecOps, or Security Automation roles.
- Proven experience building playbooks in SOAR platforms (e.g., XSOAR, Tines, Torq, Splunk SOAR, n8n).
- Strong scripting skills (Python, Bash) and deep experience interacting with REST APIs to connect disparate security tools.
- Deep technical expertise in Splunk (SPL, dashboards, data models, CIM mapping, and alert creation).
- Solid understanding of cloud security (AWS or GCP) and containerized environments (Kubernetes). Experience analyzing cloud-native logs (CloudTrail, VPC Flow Logs, etc.).
- Excellent analytical and troubleshooting skills, with a "builder" mentality: the ability to take a process that is currently done manually or does not exist at all, break it down logically, and automate it end-to-end.
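To make the detection engineering and tuning responsibilities above concrete, here is an added illustration (not part of the job posting, and not Bright Data's code) of the kind of logic the role produces: two high-fidelity CloudTrail detections, a tuning allowlist that suppresses a known-good automation role, and the grouping step that hands findings to a SOAR playbook as one case per source IP. The CloudTrail field names are the real ones; every event, account ID, ARN, role name and IP address is constructed for the example.

```python
"""
Added example (not from the job posting): CloudTrail detection rules with a
tuning allowlist, plus the triage grouping a SOAR playbook would consume.
All records, account IDs, ARNs and IPs below are constructed.
"""
import json
from collections import defaultdict

# Constructed CloudTrail records, trimmed to the fields the rules inspect.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.7",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "203.0.113.9",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/DevRole/bob"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "org-trail"}},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/TrailMaintenance/tf"},
     "sourceIPAddress": "10.0.4.20",
     "requestParameters": {"name": "org-trail"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.9"},
]]

# Tuning knob (constructed): role ARN prefixes permitted to stop or delete trails,
# e.g. an infrastructure-as-code pipeline. Anything else is a true positive.
TRAIL_ADMIN_ALLOWLIST = ("arn:aws:sts::111122223333:assumed-role/TrailMaintenance/",)


def rule_root_login_without_mfa(ev):
    """Successful root console login with no MFA (MITRE ATT&CK T1078.004)."""
    if ev.get("eventName") != "ConsoleLogin":
        return None
    ident = ev.get("userIdentity", {})
    if ident.get("type") != "Root":
        return None
    if ev.get("responseElements", {}).get("ConsoleLogin") != "Success":
        return None
    if ev.get("additionalEventData", {}).get("MFAUsed") == "Yes":
        return None
    return {"rule": "root_console_login_no_mfa", "severity": "critical",
            "technique": "T1078.004", "actor": ident.get("arn"),
            "source_ip": ev.get("sourceIPAddress")}


def rule_cloudtrail_tampering(ev, allowlist=TRAIL_ADMIN_ALLOWLIST):
    """Trail stopped, deleted or modified by a non-allowlisted principal (T1562.008)."""
    if ev.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    if ev.get("eventName") not in ("StopLogging", "DeleteTrail", "UpdateTrail"):
        return None
    actor = ev.get("userIdentity", {}).get("arn", "")
    if actor.startswith(allowlist):  # str.startswith accepts a tuple of prefixes
        return None
    return {"rule": "cloudtrail_tampering", "severity": "high",
            "technique": "T1562.008", "actor": actor,
            "source_ip": ev.get("sourceIPAddress"),
            "trail": ev.get("requestParameters", {}).get("name")}


RULES = (rule_root_login_without_mfa, rule_cloudtrail_tampering)


def run_detections(raw_lines, rules=RULES):
    """Apply every rule to every JSON record; unparseable lines are skipped, not fatal."""
    findings = []
    for line in raw_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        for rule in rules:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


def build_triage_cases(findings):
    """Group findings by source IP, highest severity first, so the SOAR playbook
    opens one case per actor rather than one ticket per alert."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    cases = defaultdict(list)
    for f in findings:
        cases[f["source_ip"]].append(f)
    return {ip: sorted(fs, key=lambda f: order[f["severity"]]) for ip, fs in cases.items()}


if __name__ == "__main__":
    for ip, fs in build_triage_cases(run_detections(SAMPLE_EVENTS)).items():
        print(ip, [f["rule"] for f in fs])
```

Run as a script it prints a single case for 198.51.100.7 carrying both findings; the allowlisted TrailMaintenance role and the MFA-protected IAM login produce nothing, which is the point of the tuning step. In a real pipeline the same rule functions would be expressed as SPL correlation searches and the grouping logic would live in the SOAR playbook, with the allowlist held in a lookup table that analysts can edit without a code change.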
What We Do
Bright Data is the world’s #1 web data platform, supporting the public data needs of over 20,000 organizations in nearly every industry. Our solutions are leveraged to fuel AI as well as to research, monitor, and analyze web data for smarter decisions. Bright Data offers a complete web data platform, from award-winning proxy networks and AI-powered web scraping tools, to dynamically refreshed datasets, an unparalleled retail and e-commerce data intelligence suite, and fully managed data services. Making public web data accessible is essential to keeping markets openly competitive and providing different data types to power LLMs. As an industry leader, we are committed to defending public web data. Bright Data has proven that ethical and transparent scraping practices for legitimate business use and social good initiatives are legally sound. We are very proud to lead innovation in web data, with more than 5,500 granted patent claims.