Cybersecurity Automation Developer

FirstEnergy (NYSE: FE)
Akron, United States of America
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote
Akron, United States of America

Tech stack

JavaScript
Microsoft Windows
API
Bash
C Sharp (Programming Language)
Computer Security
Computer Programming
Computer Networks
Continuous Availability
Data Integrity
Linux
Identity and Access Management
Python
Operational Databases
PowerShell
Security Information and Event Management
Software Deployment
Scripting (Bash/Python/Go/Ruby)
Cloud Platform System
Data Ingestion
MITRE ATT&CK
Firewalls (Computer Science)
Information Technology
Cybercrime
Cortex XSOAR Platform
REST
Splunk
Data Pipelines
Security Orchestration, Automation & Response

Job description

The Cybersecurity Automation Developer is responsible for designing, developing, and maintaining automated solutions that scale and mature the organization's security operations. This role enhances threat detection and accelerates incident response. A primary focus will be reducing manual workloads through automation, standardized playbooks, and repeatable engineering practices.

This role designs and implements automation frameworks for functions including alert triage, incident response, and threat hunting. The Cybersecurity Automation Developer will develop and maintain playbooks and workflows within the SOAR, integrating tools including SIEM and EDR into cohesive automated pipelines.

The Cybersecurity Automation Developer will lead initiatives to streamline security monitoring and remediation, create scalable scripting and orchestration solutions using Python, PowerShell, and JavaScript, and leverage APIs and data pipelines to normalize and correlate telemetry from multiple security sources.

The Cybersecurity Automation Developer will analyze complex security datasets to identify gaps and opportunities, tune automated processes to reduce false positives, and support advanced detection through analytics and emerging technologies.

Additionally, this position provides technical leadership by defining an automation strategy, mentoring junior developers, supporting vendor relationships, and contributing to architecture and lifecycle decisions. Strong communication skills, sound engineering judgment, and the ability to translate technical requirements into practical, scaled solutions are essential for success.

Responsibilities Include

  • Design, develop, and maintain automated security workflows that streamline SOC and Threat Hunting operations, reduce manual effort, and accelerate incident detection, response, and remediation
  • Lead expert-level development, tuning, and lifecycle management of SOAR playbooks to automate alert triage, enrichment, containment, and response processes
  • Identify, troubleshoot, and remediate playbook failures, integration issues, and automation errors, performing break-fix and tuning activities prior to production deployment
  • Architect and maintain integrations between SOAR, SIEM, EDR, and third-party security tools using APIs and custom scripting to ensure reliable data ingestion and orchestration
  • Develop custom automation scripts and integrations in Python and JavaScript to extend platform capabilities and address unique SOC and enterprise security requirements
  • Create and maintain dashboards, reports, and metrics to provide visibility into automation performance and effectiveness
  • Install, validate, and deploy content packs and updates, following change management best practices to promote stable releases from development through production
  • Serve as the primary subject matter expert (SME) for the SOAR and security automation platforms, providing technical guidance, troubleshooting, and consulting support to the SOC and Threat Hunting teams
  • Design and maintain scalable automation frameworks and data pipelines to normalize, correlate, and enrich security telemetry across enterprise and cloud environments
  • Monitor and manage platform health, internal databases, and system performance to ensure reliability, data integrity, and continuous availability of automation services
  • Lead vendor engagement and support activities, including ticket management, platform optimization discussions, and roadmap alignment with Customer Success Engineers
  • Continuously evaluate and improve automation processes to reduce false positives, eliminate repetitive tasks, and increase efficiency and response quality
  • Document standards, playbook designs, troubleshooting procedures, and best practices to promote knowledge sharing and operational consistency across the team
  • Educate and mentor threat hunters and analysts on automation tools, workflows, and best practices to elevate overall SOC effectiveness
  • Support metrics collection, reporting, and operational communications to leadership and stakeholders

Requirements

  • Bachelor's degree in Computer Science, Information Security, or similar discipline is required with 3 years of experience
  • Industry standard certifications will be considered such as OSCP, GIAC (GCTI, GCIH, GREM, GCFA, GPYC, GASAE, GCSA), CISSP and HTB CPTS
  • A bachelor's degree in another field with 4 years relevant industry experience in cyber/information security will be considered
  • In lieu of a degree, 7 years of related experience is required
  • Related experience includes but is not limited to: SOC (Security Operations Center) experience; IT Security experience in detection, triage, investigation, and remediation of security incidents within a network; and cyber automation engineering experience
  • Understanding of adversarial techniques (i.e., MITRE ATT&CK framework)
  • Strong understanding of programming/scripting code (Python, PowerShell, Bash, C#, JavaScript)
  • Hands-on administration and engineering experience with SOAR (e.g., Cortex XSOAR, Splunk SOAR, Sentinel) platforms including advanced playbook design, integration management, and production support
  • Experience troubleshooting and remediating automation failures, playbook errors, and platform performance issues in production environments
  • Experience integrating security technologies (SIEM, EDR, IAM, firewalls, cloud tools) through REST APIs and automated data pipelines
  • Ability to create, detect, and enhance security content
  • Ability to develop and maintain automation playbooks and workflows
  • Ability to handle, protect and preserve highly confidential information
  • Understanding of networking concepts and technologies
  • Basic understanding of statistics
  • Must be organized and comfortable with ongoing changes in priorities
  • Must be able to work independently with minimal supervision and within a team environment
  • Strong foundation in cyber security
  • Understanding of both Linux and Windows operating systems
  • Demonstrate strong communication skills, both verbal and written
  • Demonstrate creative problem solving and solutioning

About the company

FirstEnergy at a Glance

We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers' lives brighter, the environment better and our communities stronger. FirstEnergy (NYSE: FE) is dedicated to safety, reliability, and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,500 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of 3,780 megawatts.

This position is within FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. This position is in Akron, Ohio, reporting to the Supv of Threat Hunting, but has remote work opportunities while the person must be able to reach the FirstEnergy HQ facility based on business need within one hour travel time. This position may, subject to conditions and availability, qualify to be filled under the same terms but reporting to a regional office in Greensburg PA, Reading PA, Fairmont WV, Holmdel NJ, or Holland (Toledo) OH.
