Job Description
Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.
Job Description: Security Automation Engineer
Cisco’s Security Visibility and Incident Command (SVIC) is looking for a highly skilled Automation Engineer/Developer to join our dynamic security operations team. The successful candidate will be at the forefront of designing, developing, and implementing innovative automation solutions for our security operations center. We are seeking an individual with robust knowledge across various information technology domains, including development, AI, data science, data analysis, and security. The candidate will work independently and with other team members to design, deploy, improve, and support solutions for security event detection, analysis, incident response, investigations, and forensics.
The ideal candidate must enjoy working in a fast-paced, dynamic environment with a “take-charge” / “can-do” attitude and be able to demonstrate flexibility and resiliency. The successful candidate must be self-sufficient and able to work with minimal supervision, and will work with geographically distributed teams across different time zones. Your primary focus will be on leveraging automation to analyze large datasets, develop sophisticated detection models, and implement data-driven security solutions.
The responsibilities of the position include the following:
- Design, develop, and maintain automation for log ingestion, normalization, enrichment, and transformation across diverse data sources and formats, with strong data quality controls.
- Engineer, test, deploy, and maintain automated detections in SIEM/SOAR ecosystems, including rule/playbook development, tuning, and lifecycle management to reduce false positives.
- Leverage AI and data science techniques (for example, anomaly detection, supervised/unsupervised learning, embeddings, NLP) to improve detection coverage, precision, and time-to-detect.
- Develop reusable playbooks and workflows in SOAR and workflow tools (for example, Tines, n8n) to automate triage, enrichment, notification, containment actions, and approvals.
- Automate case and ticket lifecycle management, including creation, enrichment, correlation, deduplication, SLA tracking, and closure in systems such as ServiceNow, Jira, or Mission Control.
- Build robust integrations with APIs, webhooks, and event buses to connect SIEM, EDR, IAM, cloud, ITSM, and messaging platforms.
- Implement CI/CD practices for automations and detections, including version control, code reviews, automated testing, packaging, and staged deployments.
- Monitor and improve automation reliability and performance using metrics, logging, alerting, and SLOs; maintain runbooks and on-call support documentation.
- Collaborate with SOC analysts, incident responders, and threat intelligence teams to translate manual procedures into resilient automations mapped to frameworks such as MITRE ATT&CK.
- Ensure secure development and operational practices, including least-privilege access, secrets management, auditability, and compliance with data handling policies.
- Analyze and interpret large data sets to identify trends and insights that inform detection content and automation opportunities.
- Document architectures, detection logic, playbooks, and runbooks; contribute to knowledge sharing and enablement across the team.
Relevant Technologies
The following technologies are in scope for the position.
- Strong proficiency in programming/scripting languages such as Python, Bash, SPL, and SQL.
- Experience with security automation platforms such as Tines, n8n, Splunk SOAR (Phantom), and Cortex XSOAR.
- Familiarity with SIEM platforms such as Splunk, ELK, Microsoft Sentinel, or QRadar, including detection content development and tuning.
- Data analysis and prototyping with Jupyter Notebooks, pandas, NumPy, or PySpark.
- AI/ML libraries and tooling such as scikit-learn, TensorFlow, or PyTorch for applied detection use cases.
- Event streaming and data pipelines using Kafka, Kinesis, Pub/Sub, or Azure Event Hubs; orchestration with Airflow or similar tools.
- API integration patterns including REST/GraphQL, webhooks, OAuth 2.0, and JSON serialization.
- Expertise with cloud solutions (AWS, Google Cloud, Azure), including serverless services (for example, Lambda, Cloud Functions, Azure Functions).
- Containerization and infrastructure tooling such as Docker, Kubernetes, and Terraform.
Job Requirements
The following skills and competencies are required for the position:
- BS/MS in computer/data science or related degree and 2-5 years of experience.
- Demonstrated experience designing and deploying security automations and SOAR playbooks in platforms such as Tines or n8n.
- Broad knowledge and experience across software development, security operations, data engineering, and analytics.
- Hands-on experience with SIEM content development, detection engineering, and tuning techniques.
- Solid understanding of cloud infrastructure services, such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
- Strong problem resolution/analytical skills required to understand complex system interactions.
- Strong work prioritization, planning, and organizational skills.
- Strong listening, communication (verbal and written) and relationship building skills.
- Strong documentation skills with attention to detail.
- Strong troubleshooting skills.
- Demonstrated ability to work independently with minimal oversight throughout the entire lifecycle of a project.
Additional Qualifications
In addition to the above requirements, the ideal candidate should also possess one or more of the following competencies:
- Cloud and Security certifications (for example, AWS, Azure, GCP, Security+, CISSP, GIAC).
- Vendor or platform certifications relevant to SIEM/SOAR or ITSM (for example, Splunk, Elastic, Microsoft Sentinel, ServiceNow).
About Cisco SVIC
Cisco's Security Visibility and Incident Command Team (SVIC) is recognized across the globe as a leader in Information Security and Incident Response operations. Our team of ~120 people comprises industry veterans, renowned security experts and authors, and up and coming security professionals. We are the investigative branch of Cisco's Security and Trust Organization (S&TO) and provide Cisco with tailored security monitoring and response services to protect from network attacks and intellectual asset loss. We welcome talented and driven individuals to be part of our world class team.
Why Cisco
At Cisco, each person brings their unique talents to work as a team and make a difference.
Yes, our technology changes the way the world works, lives, plays and learns, but our edge comes from our people.
- We connect everything – people, process, data and things – and we use those connections to change our world for the better.
- We innovate everywhere - From launching a new era of networking that adapts, learns and protects, to building Cisco Services that accelerate businesses and business results. Our technology powers entertainment, retail, healthcare, education and more – from Smart Cities to your everyday devices.
- We benefit everyone - We do all of this while striving for a culture that empowers every person to be the difference, at work and in our communities.
Colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Be you, with us! #WeAreCisco
Cisco is an Affirmative Action and Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis.
Cisco will consider for employment, on a case by case basis, qualified applicants with arrest and conviction records.
Why Cisco?
At Cisco, we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint.
Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere.
We are Cisco, and our power starts with you.
Message to applicants applying to work in the U.S. and/or Canada:
The starting salary range posted for this position is $101,500.00 to $144,500.00 and reflects the projected salary range for new hires in this position in U.S. and/or Canada locations, not including incentive compensation*, equity, or benefits. Individual pay is determined by the candidate's hiring location, market conditions, job-related skillset, experience, qualifications, education, certifications, and/or training. The full salary range for certain locations is listed below. For locations not listed below, the recruiter can share more details about compensation for the role in your location during the hiring process.
U.S. employees are offered benefits, subject to Cisco’s plan eligibility rules, which include medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, paid parental leave, short and long-term disability coverage, and basic life insurance. Please see the Cisco careers site to discover more benefits and perks. Employees may be eligible to receive grants of Cisco restricted stock units, which vest following continued employment with Cisco for defined periods of time.
U.S. employees are eligible for paid time away as described below, subject to Cisco’s policies:
- 10 paid holidays per full calendar year, plus 1 floating holiday for non-exempt employees
- 1 paid day off for employee’s birthday, paid year-end holiday shutdown, and 4 paid days off for personal wellness determined by Cisco
- Non-exempt employees** receive 16 days of paid vacation time per full calendar year, accrued at rate of 4.92 hours per pay period for full-time employees
- Exempt employees participate in Cisco’s flexible vacation time off program, which has no defined limit on how much vacation time eligible employees may use (subject to availability and some business limitations)
- 80 hours of sick time off provided on hire date and each January 1st thereafter, and up to 80 hours of unused sick time carried forward from one calendar year to the next
- Additional paid time away may be requested to deal with critical or emergency issues for family members
- Optional 10 paid days per full calendar year to volunteer
For non-sales roles, employees are also eligible to earn annual bonuses subject to Cisco’s policies.
Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components, subject to the applicable Cisco plan. For quota-based incentive pay, Cisco typically pays as follows:
- .75% of incentive target for each 1% of revenue attainment up to 50% of quota;
- 1.5% of incentive target for each 1% of attainment between 50% and 75%;
- 1% of incentive target for each 1% of attainment between 75% and 100%; and
- Once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.
For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay 0% up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.
The applicable full salary ranges for this position, by specific state, are listed below:
New York City Metro Area:
$123,600.00 - $200,100.00
Non-Metro New York state & Washington state:
$109,900.00 - $181,600.00
* For quota-based sales roles on Cisco’s sales plan, the ranges provided in this posting include base pay and sales target incentive compensation combined.
** Employees in Illinois, whether exempt or non-exempt, will participate in a unique time off program to meet local requirements.
