With the increasing popularity of SOAR platforms and other security automation tools, “Security Automation Engineer” is becoming a more common job title. Adoption of these technologies is driven by the scarcity of good security professionals, and ironically there is a shortage of Security Automation Engineers too.
The primary responsibilities of this role are to improve the processes of the Security Operations Center, Cyber Incident Response Team, and other InfoSec teams. This includes identifying areas for improvement, designing and engineering automation products, and evaluating automation tools. The role also involves developing integrations with third-party services and APIs, as well as tools and automated tests for improving security operations. Additionally, the role includes work on the CI/CD pipeline and reverse engineering.
Typical interview questions might include:
What experience do you have scripting in Python and JavaScript?
What experience do you have with REST API best practices and usage?
What are the challenges of security automation?
How does security automation help improve security?
What experience do you have with security technologies such as SIEM, firewalls, IDS/IPS, EDR, and IAM principles?
What experience do you have with AWS and cloud services configuration and development?
What is security automation?
What are the benefits of security automation?
What are the different types of security automation?
How does security automation work?