Security Automation & MDR Architect

Description:

We are seeking a seasoned Security Automation & MDR Architect with deep expertise in the ReliaQuest Managed Detection & Response (MDR) platform to lead the design, implementation, and optimization of our enterprise detection and response framework. The ideal candidate will have a strong background in security operations, threat detection, automation engineering, and playbook development, paired with strategic architectural experience.

This role will be critical in aligning our security operations model with financial services and NIST standards, while leveraging automation and advanced threat response capabilities through ReliaQuest and supporting platforms (e.g., Splunk, Defender for Endpoint, SentinelOne, Microsoft Sentinel, ServiceNow).

Key Responsibilities:

  • Serve as the subject matter expert on the ReliaQuest MDR platform, including design of, and integration with, log sources, detection content, and escalation workflows.
  • Assess end-to-end detection, triage, enrichment, and containment workflows in coordination with ReliaQuest and internal teams, and recommend how to address any tuning, enrichment, or integration gaps.
  • Design, build, and test automated workflows using platforms such as ReliaQuest and SOAR tools (Splunk SOAR, Sentinel).
  • Establish and document standardized, modular playbooks with embedded feedback loops for tuning and optimization.
  • Define clear ownership, accountability, and escalation paths in collaboration with stakeholders.
  • Conduct log source rationalization assessments and identify ingestion health issues, enrichment gaps, or underperforming integrations.
  • Define Key Performance Areas (KPAs), Service-Level Agreements (SLAs), and Key Risk Indicators (KRIs).
  • Execute adversary simulation scenarios to validate detection, escalation, and automated response.

Required Qualifications:

  • 10+ years of experience in Cybersecurity Operations, Security Architecture, or Threat Detection & Response roles.
  • Hands-on expertise with the ReliaQuest GreyMatter platform or similar MDR technologies.
  • Proven experience designing and implementing SOC platforms and automated playbooks using SOAR platforms (e.g., Splunk SOAR, Sentinel, XSOAR).
  • Deep understanding of log source onboarding, enrichment, normalization, and telemetry coverage strategies.
  • Experience working with or managing MSSPs or hybrid MDR models.

Preferred Qualifications:

  • Certifications such as GIAC GCIA, GCED, GCPM, GSEC, or CISSP.
  • Experience with Microsoft Sentinel, Defender for Endpoint, Azure logging, and related Microsoft security stack.

Organization Themesoft Inc.
Industry Architect / Interior Design Jobs
Occupational Category MDR Architect
Job Location New York, USA
Shift Type Morning
Job Type Full Time
Gender No Preference
Career Level Experienced Professional
Experience 10 Years
Posted at 2025-04-21 2:36 pm
Expires on 2026-01-07