Job Description

Morgan Stanley is seeking a Senior Cyber Automation Engineer for its Cyber Incident Response Team (CIRT) to develop and maintain automated workflows and playbooks, enhancing security operations through automation and integration of various security tools.

Requirements

3+ years of experience in developing, implementing, and maintaining automated workflows and playbooks with SOAR platforms.
Advanced proficiency in scripting languages such as Python, PowerShell, and Bash for security automation and integration.
Experience integrating SOAR platforms with various security tools (SIEM, EDR, etc.) using APIs and custom connectors.
Ability to design, document and optimize automated processes and playbooks for SOC workflow.
Strong understanding of security operations concepts, triage and investigation, including event management, log collection, and workflow orchestration.
Excellent written and verbal communication skills for documenting automation processes and collaborating with SOC team members.
Experience working in a collaborative environment to identify automation opportunities and implement solutions.
Hands-on experience building, tuning, and maintaining SOC detections within SIEM platforms.

Responsibilities

Develop, implement, and maintain automated playbooks and workflows in the SOAR platform to streamline SOC operations.
Integrate the SOAR with various security tools (SIEM, EDR, Email, etc.) using APIs and custom connectors.
Automate incident triage, investigation, and response processes to reduce manual effort and improve response times.
Collaborate with analysts and leadership to identify automation opportunities and optimize security operations.
Maintain up-to-date knowledge of the threat landscape, security technologies and best practices.
Build, tune, and maintain SOC detections within the SIEM, leveraging scripting and automation to ensure accurate and efficient threat detection.
Document automation processes, playbooks, and integrations for knowledge sharing and compliance.