Lead Security Automation & Detection Engineer

Chicago, Illinois, United States

LiveRamp logo
Apply now Apply later

Posted 1 month ago

LiveRamp is the trusted platform that makes data accessible and meaningful. Our services power people-based customer experiences that improve the relevance of marketing and allow consumers to better connect with the brands and products they love. We thrive on solving the toughest technical and customer challenges, and we’re always looking for smart, compassionate people to help us blaze a trail.


Mission: LiveRamp makes it safe and easy for businesses to use data effectively.


LiveRamp is seeking an experienced leader to drive all aspects of our security automation, engineering, and threat detection.  This role will report to the Director of Information Security Operations, and work with cross-functional teams and external parties to develop and operationalize automation use cases. This role will increase operations maturity by converging automation, incident response, and threat intelligence.  In addition to automation, this role


You will:

  • Programmatically develop automated workflows in SOAR platform to improve and make security incident analysis more consistent and efficient
  • Help identify processes across the business that can be improved through automation
  • Using the MITRE ATT&CK framework, develop, test, and implement new SIEM threat detections for resources in cloud environments
  • Assess the event visibility and log coverage of the SIEM, and work with DevOps, Engineers, and platform owners to configure log forwarding 
  • Design and lead threat hunt exercises with SIEM, log aggregation, and EDR technologies
  • Perform activities that mimic threat actor behavior to test visibility, security controls and detections, and make recommendations for improvements
  • Validate and make recommendations for remediation from bug bounty program findings
  • Enable threat intelligence driven SOC investigations by integrating threat feeds with the SIEM and SOAR platforms
  • Work collaboratively with DevOps, engineering, product, and cloud infrastructure teams to lead process improvements and improve overall security effectiveness
  • Plan, implement, manage upgrades to security solutions and platforms
  • Participate in change control processes that may have impact to LiveRamp’s security posture

Your team will: 

  • Improve security alert triage and speed by implementing Security Orchestration Automation and Response (SOAR) technology
  • Conduct threat hunting exercises looking for specific malicious activity
  • Improve SIEM logging, monitoring, and threat detection capabilities for production and corporate IT assets 


About you: 

  • Bachelor or Masters degree in Cyber Security, Security Engineering, Computer Engineering, Computer Science, Management Information Systems, or similar technical discipline 
  • Diverse knowledge of web proxies, firewalls, IDS/IPS, IT infrastructure and processes
  • Ability to write scripts and create tools using Python, C++, Java, Ruby, and/or PowerShell
  • Have a solid understanding of REST/SOAP/WSDL/XML and HTTP Request Methods
  • Prior security analyst experience with knowledge in Windows, MacOS, and Linux operating systems
  • Knowledge of cloud computing and cloud technologies
  • Experience conducting investigations in EDR, SIEM, and DLP technologies
  • One or more certifications, including but not limited to CCSP, CCSK, GCIH, GDAT, GCIA, GREM, GCFA, GSEC, CISSP, AWS Cloud Practitioner or GCP Cloud Engineer
  • Skilled in malware analysis, forensic analysis and incident response investigations

Bonus Points:

  • Network security monitoring and analysis
  • Malware reverse engineering
  • Security engineering experience in GCP



  • People. Work with talented, collaborative, and friendly people who love what they do.
  • Food. Enjoy catered meals, boundless snacks, and the occasional food truck.
  • Fun. We host events such as game nights, happy hours, camping trips, and sports leagues. 
  • Work/Life Harmony. Flexible paid time off, remote work opportunities, and paid parental leave. 
  • Stock. Every employee is a stakeholder in our future.
  • Whole Health Package. Medical, dental, vision and disability insurance. Plus mental health support (via Talkspace) and fitness reimbursement up to $100 per month. 
  • Savings. Our 401K matching plan helps you plan ahead.
  • Commuter Subsidy. $75 per month to be used toward commuter cards, monthly parking, rideshare pools, or metro/bus passes.
  • Location. Work in the heart of Chicago or remotely


More about us:

To all recruitment agencies: LiveRamp does not accept agency resumes. Please do not forward resumes to our jobs alias, LiveRamp employees or any other company location. LiveRamp is not responsible for any fees related to unsolicited resumes.

LiveRamp is an affirmative action and equal opportunity employer (AA/EOE/W/M/Vet/Disabled) and does not discriminate in recruiting, hiring, training, promotion or other employment of associates or the awarding of subcontracts because of a person's race, color, sex, age, religion, national origin, protected veteran, disability, sexual orientation, gender identity, genetics or other protected status. Qualified applicants with arrest and conviction records will be considered for the position in accordance with the San Francisco Fair Chance Ordinance.  California residents: Please see our California Personnel Privacy Policy for more information regarding how we collect, use, and disclose the personal information you provide during the job application process .
Job tags: Automation AWS C CISSP DevOps GCFA GCIH IDS Incident response IPS Java Linux Malware Network security Python Ruby SIEM Threat detection Threat intelligence Windows