Security Automation Engineer

Make a difference here. UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security‑as‑code platform combines technology innovation and human expertise to make advanced real‑time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams. By creating continuously optimized identification, detection, and resilience from today’s dynamic threat landscape, UltraViolet Cyber provides both managed and custom‑tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India. Ultraviolet Cyber is seeking an experienced Security Engineer with a strong technical background in administering, configuring, and maintaining enterprise cybersecurity tools and infrastructure. This individual will serve as a hands‑on technical expert responsible for leading the day‑to‑day operations, configuration management, and deployment of critical security platforms and systems that protect our organization's digital assets. Qualified candidates will possess deep expertise in digital forensics platforms, security orchestration and automation tools, network detection and response systems, and security infrastructure management with a proven track record of maintaining high availability and optimal performance of security technologies. This role requires a technically proficient professional who can independently manage complex security tool ecosystems, apply technical configurations and patches, troubleshoot platform issues, and collaborate with security operations teams to ensure tools are properly tuned and delivering value. The ideal candidate will demonstrate expertise in forensics platforms including FTK and Magnet AXIOM Cyber, security automation platforms like Cortex XSOAR, network detection tools such as ExtraHop, and forensic workstations including FRED systems. A successful Security Engineer will exhibit strong problem‑solving abilities, excellent documentation skills, the ability to work in high‑pressure incident response situations, and a commitment to maintaining security best practices while ensuring minimal downtime of critical security infrastructure. This position will be part of a team that works onsite in Portland, OR. We are looking for an engineer that is excited and ready to work onsite with the team for collaboration and contributing to the team culture. What You'll Do: Administer and maintain digital forensics platforms including FTK (Forensic Toolkit), Magnet AXIOM Cyber, FRED (Forensic Recovery of Evidence Device) systems, and related forensic investigation tools. Ensure platforms are properly licensed, updated, and available for incident response and investigation activities. Manage and configure Cortex XSOAR (Security Orchestration, Automation and Response) platform including playbook development, integration configuration, incident automation workflows, and custom script development to enhance security operations efficiency. Administer ExtraHop network detection and response (NDR) platform including sensor deployment, traffic analysis configuration, detection rule tuning, dashboard creation, and integration with SIEM and other security tools for comprehensive network visibility. Apply configuration changes across other security infrastructure platforms ensuring changes are properly tested, documented, and implemented following change management procedures. Maintain configuration baselines and version control for all security tools. Perform application‑level patching and updates for security tools and platforms, coordinating maintenance windows, testing patches in non‑production environments, and ensuring minimal disruption to security operations during update cycles. Assist in the deployment of new security systems and capabilities including requirements gathering, solution design, hardware/software installation, integration with existing infrastructure, testing, and knowledge transfer to operations teams. Monitor performance and health of security infrastructure using built‑in monitoring tools, log analysis, and alerting mechanisms. Proactively identify and resolve performance bottlenecks, capacity issues, and potential system failures. Provide technical support to security analysts and incident responders using security tools, troubleshooting tool‑related issues, optimizing queries and workflows, and delivering training on tool capabilities and best practices. Develop and maintain comprehensive technical documentation including standard operating procedures (SOPs), runbooks, configuration guides, architecture diagrams, troubleshooting guides, and system inventory records for all security infrastructure. Manage integrations between security tools and platforms using APIs, webhooks, and connectors to enable data sharing, automated workflows, and unified security operations. Troubleshoot integration issues and optimize data flows. Administer SIEM (Security Information and Event Management) platforms such as Splunk or similar tools including log source onboarding, parsing rule creation, correlation rule development, dashboard creation, and search optimization. Maintain and update forensic workstations (FRED systems) including hardware maintenance, software updates, peripheral device management, and ensuring write‑blockers and forensic acquisition tools are properly calibrated and functioning. What You Have: Must be a U.S. citizen and be able to earn a government security clearance. Minimum of 6 years of experience in cybersecurity, security engineering, security operations, or related technical roles with hands‑on experience administering and configuration of enterprise security tools and infrastructure. Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Computer Engineering, or related technical field. Equivalent experience may be considered. Experience with digital forensics platforms such as FTK (Forensic Toolkit), Magnet AXIOM Cyber, EnCase, or similar tools. Understanding of forensic investigation processes and evidence handling procedures. Experience administering security orchestration and automation platforms (SOAR) such as Cortex XSOAR, Splunk SOAR, Swimlane, or similar tools. Ability to develop and maintain automation playbooks and workflows. Proficiency with network detection and response (NDR) or network traffic analysis tools such as ExtraHop, Darktrace, Corelight, Vectra, or similar platforms. Deep understanding of network protocols and traffic analysis techniques. Strong experience with SIEM platforms (Splunk, LogRhythm, QRadar, ArcSight, Sentinel) including administration, log source management, correlation rule development, and search optimization. Solid understanding of operating systems (Windows, Linux) including system administration, hardening, patching, and troubleshooting in enterprise environments. Proficiency with scripting and automation languages such as Python, PowerShell, Bash, or similar for tool automation, integration development, and operational efficiency improvements. Excellent troubleshooting and problem‑solving skills with ability to diagnose complex technical issues across multiple platforms and work under pressure during incident response situations. Effective communication skills with ability to collaborate with cross‑functional teams, explain technical concepts to non‑technical audiences, and work effectively in team environments. Preferred Qualifications Prior experience working in federal government environments. Professional cybersecurity certifications such as CompTIA Security+, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE), GIAC Security Essentials (GSEC), or Certified Information Systems Security Professional (CISSP). Experience with endpoint detection and response (EDR) platforms such as CrowdStrike Falcon, Carbon Black, SentinelOne, Microsoft Defender for Endpoint, or similar tools. Experience with vulnerability management platforms such as Tenable Nessus, Qualys, Rapid7 InsightVM, or similar tools including scanner deployment, scan configuration, and vulnerability remediation tracking. Understanding of malware analysis tools and techniques including sandboxing technologies, reverse engineering tools, and dynamic/static analysis platforms. Experience working in Security Operations Centers (SOC) or incident response teams with understanding of security operations workflows, incident handling procedures, and escalation processes. Knowledge of infrastructure as code (IaC) and configuration management tools such as Terraform, Ansible, Puppet, or Chef for automating security infrastructure deployment and configuration. What We Offer: 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed Medical, Dental, and Vision insurance (available on the 1st day of the month following your first day of employment) Group Term Life, Short‑Term Disability, and Long‑Term Disability Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness Participation in the Discretionary Time Off (DTO) Program 11 Paid Holidays Annually 120,000 - 150,000 a year UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company's differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors. We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable. UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status. If you want to make an impact, UltraViolet Cyber is the place for you! #J-18808-Ljbffr UltraViolet Cyber