Security Automation Engineer jobs in United States

Stefanini North America and APAC · 7 hours ago

Security Automation Engineer

Stefanini Group is looking for a Security Automation Engineer for a globally recognized company. The engineer will build and operationalize automation to correlate telemetry with Active Directory changes and manage device control policies through API integrations.

Information Technology, Outsourcing

Responsibilities

Build the event pipeline & data model
Stand up and harden the FDR to S3 delivery for Falcon Device Control events (e.g., DcRemovableStorageDeviceConnected, DcUsbDevicePolicyViolation, DcUsbDeviceWhitelisted, etc.), ensuring schema normalization and lifecycle management in S3
Configure Microsoft Sentinel ingestion for FDR data and AD/Entra ID user/group events; develop KQL parsers, tables, and data normalizations to support correlation
Author KQL analytics/rules that join Windows Event IDs 4728/4729/6416/4663 with CrowdStrike Device Control events to identify when a user's group status should change host USB policy posture
Implement suppression/thresholding to reduce flapping and false positives (e.g., batch group changes, burst‑aware dedupe)
Build idempotent automation (PowerShell, Python, Logic Apps, Functions, or similar) that calls CrowdStrike APIs to move hosts into/out of the Device Control allow group based on Sentinel signals. Include robust error handling, retries, and audit logging
Package automation as CI/CD artifacts (IaC where appropriate), with secure secrets handling (Key Vault/Secrets Manager)
Develop unit tests for parsers and functions, integration tests for end‑to‑end flows (synthetic Windows events + synthetic FDR samples), and UAT runbooks for security operations
Create simulation data (sanitized/synthetic) to validate rules for Event IDs 4728, 4729, 6416, 4663 and representative FDR Device Control events prior to production cutover
Build dashboards in Sentinel that show pipeline health, rule efficacy, and host policy transitions
Document the full runbook: deployment, rollback, break‑glass steps, and change control
Train L2/L3 SOC and Help Desk on troubleshooting and manual override procedures
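As an added illustration of the suppression and idempotency points above (this is example code, not the employer's automation): collapse a burst of 4728/4729 group-membership changes into one settled decision per user, then diff that against the hosts already in the Device Control allow group so only real transitions become API calls. The group name, settle window, user-to-host mapping and the event records are all constructed for the example.

```python
from datetime import datetime, timedelta

ALLOW_GROUP = "USB-Allowed"     # assumed AD group that maps to the Device Control allow policy
SETTLE = timedelta(seconds=30)  # assumed quiet period before a user's change is acted on

# Constructed synthetic Windows Security events (4728 = member added, 4729 = member removed).
SYNTHETIC_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "id": 4728, "group": "USB-Allowed", "user": "alice"},
    {"ts": "2024-05-01T09:00:05", "id": 4729, "group": "USB-Allowed", "user": "alice"},  # flap
    {"ts": "2024-05-01T09:00:10", "id": 4728, "group": "USB-Allowed", "user": "alice"},
    {"ts": "2024-05-01T09:01:00", "id": 4729, "group": "USB-Allowed", "user": "bob"},
    {"ts": "2024-05-01T09:02:00", "id": 4728, "group": "Finance", "user": "carol"},  # other group
    {"ts": "2024-05-01T09:04:50", "id": 4729, "group": "USB-Allowed", "user": "dave"},  # too fresh
]
# Assumed user -> host mapping; in practice this comes from an asset/identity source.
USER_HOSTS = {"alice": ["WS-001"], "bob": ["WS-002", "WS-003"], "dave": ["WS-004"]}

def desired_user_state(events, now_iso, group=ALLOW_GROUP, settle=SETTLE):
    """Map each user to True (should be in the allow group), False (should not)
    or None (deferred). Only the latest 4728/4729 for `group` counts, so an
    add/remove/add burst collapses to one decision, and a change younger than
    `settle` is deferred so a mid-burst state is never acted on."""
    latest = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["group"] == group and e["id"] in (4728, 4729):
            latest[e["user"]] = e
    now = datetime.fromisoformat(now_iso)
    state = {}
    for user, e in latest.items():
        fresh = now - datetime.fromisoformat(e["ts"]) < settle
        state[user] = None if fresh else (e["id"] == 4728)
    return state

def plan_host_actions(user_state, current_allowed_hosts, user_hosts=USER_HOSTS):
    """Idempotent diff: emit an ('add'|'remove', host) call only where the
    desired state differs from what the endpoint platform already has."""
    actions = []
    for user, allowed in user_state.items():
        if allowed is None:
            continue
        for host in user_hosts.get(user, []):
            if allowed and host not in current_allowed_hosts:
                actions.append(("add", host))
            elif not allowed and host in current_allowed_hosts:
                actions.append(("remove", host))
    return actions

def demo(now_iso="2024-05-01T09:05:00", current_allowed_hosts=frozenset({"WS-002"})):
    state = desired_user_state(SYNTHETIC_EVENTS, now_iso)
    return state, plan_host_actions(state, current_allowed_hosts)
```

Running `demo()` a second time with the returned actions already applied yields an empty plan, which is the property the retries and re-runs of a production pipeline rely on.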

Qualification

Security engineering/automation, Microsoft Sentinel, KQL, Python, PowerShell, CrowdStrike Falcon, REST/OAuth2 API integration, Windows Security Event Log, AWS S3, CI/CD pipelines, SOAR playbooks, Azure identity fundamentals, Device control/DLP workflows, Regulated environments, Entra ID

Required

5+ years in security engineering/automation with SIEM (Microsoft Sentinel) and endpoint security integrations
Proficiency in KQL, Python and/or PowerShell, and REST/OAuth2 API integration
Hands‑on experience with CrowdStrike Falcon (preferably Device Control), FDR pipelines, and API‑driven policy management
Solid understanding of Windows Security Event Log semantics, especially 4728/4729 (group membership changes), 6416 (new device recognized) and 4663 (file access), and how to correlate them with endpoint telemetry
Cloud data engineering basics: AWS S3 object lifecycle, schema evolution, and secured ingestion; Azure identity fundamentals

Preferred

Experience building SOAR playbooks (e.g., Sentinel Automation Rules/Logic Apps) and CI/CD pipelines for security automations
Prior implementation of device control/DLP workflows and handling USB policy exceptions at scale
Exposure to regulated environments (e.g., healthcare/life sciences) and change‑controlled releases
Familiarity with Entra ID (formerly Azure AD) group modeling and hybrid AD sync nuances

Company

Stefanini North America and APAC

Global Tech Consulting Company All in One. Stefanini is a Brazilian multinational company with 37 years of experience and presence in 41 countries.

H1B Sponsorship

Stefanini North America and APAC has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (13)
2024 (11)
2023 (13)
2022 (18)
2021 (14)
2020 (12)

Funding

Current Stage
Late Stage

Leadership Team

Spencer Gracias
CEO, North America/APAC
David Gawenda
Chief Operating Officer NA/APAC Region
Company data provided by crunchbase