CDW is a leading multi-brand provider of information technology solutions, and they are seeking a Senior Security Engineer II focused on Security Automation, AI & Orchestration. This role involves designing and implementing automation-first, AI-assisted security capabilities to enhance cyber defense operations.
Responsibilities:
- Design, build, and maintain automation workflows and AI-assisted capabilities that move security from detect and notify to detect, decide, and act
- Engineer reusable automation services and playbooks across identity, endpoint, network, cloud, and SaaS control planes
- Implement guardrails for automation and AI-assisted capabilities (confidence thresholds, blast‑radius controls, rollback mechanisms)
- Develop custom integrations within the security stack using Python, PowerShell, APIs, AI prompts, and event‑driven architectures
- Partner with the Cyber Defense Engineering and Response team to integrate high-quality signals suitable for automation
- Map MITRE ATT&CK techniques to controls and automated responses once, then reuse globally
- Orchestrate cross‑pillar responses (e.g., Identity → Endpoint → Network → Response)
- Ensure automation outcomes are measurable, auditable, and resilient
- Embed security controls into CI/CD pipelines for Enterprise Defense & Automation authored content
- Use policy-as-code, automate testing processes, and establish security gates that quickly block issues
- Eliminate repeat findings through native auto‑remediation patterns
- Build automation that detects and corrects unsafe platform states without human intervention
- Develop self‑healing scenarios such as:
  - Risky identity state: restrict, rotate, expire
  - Endpoint degradation: auto‑repair or isolate
  - Control drift: rollback to known‑good state
- Collaborate closely with Cyber Security platform owners, Threat Detection and Response analysts, and Business Unit owners
- Contribute to shared backlogs and design reviews with clear ownership boundaries
- Document automation patterns, standards, and engineering decisions
Requirements:
- Bachelor's degree and 7+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles, OR 11+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles
- Strong experience with security automation, orchestration, or SOAR platforms
- Proficiency in Python and/or PowerShell for production‑grade automation
- Experience designing secure, observable, and maintainable AI‑enabled solutions
- Hands‑on experience with SIEM/XDR platforms and cloud‑scale security tooling
- Practical working knowledge of the MITRE ATT&CK framework and mapping detections to controls
- Experience building automation for large, diverse enterprise environments, a plus
- Familiarity with platforms such as Microsoft Defender, Microsoft Sentinel, CrowdStrike, Palo Alto XSOAR/XSIAM, Azure AD/Entra ID, Splunk, a plus
- Experience with CI/CD pipelines, infrastructure‑as‑code, and policy‑as‑code, a plus
- Background in detection engineering, threat hunting, or incident response, a plus
- Relevant certifications (GCIH, GCFA, Azure Security, cloud or automation certifications), a plus