Job Descriptions

Other Titles Include

• Systems automation engineer
• Automated systems designer
• Security automation and controls engineer

NOTE: This is an emerging work role. There are limited samples of this work role and subject matter expert tasks and activities vary based on organizational requirements. Accordingly, the information below is based upon current representations based on demand driven requirements and an understanding of AI/ML and data science requirements to support automated process engineering and analysis. It is anticipated that this will evolve significantly over the next years.

This role is most commonly found in large or medium-sized organizations. 

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Given references, organizational security documentation, IT security guidance and required tools and resources researches and defines the business needs for security, identifies requirements for and engineers automated solutions that support organizational security. 

Duties and responsibilities

• Research, develop, integrate, test and implement security automation solutions for cloud or systems
• Scope and plan out automation work to meet timelines
• Manage/monitor automated security solution activities including fixes, updates and related processes
• Develop and maintain tools and processes to support security automation activities
• Review and test security automation scripting prior to implementation
• Troubleshoot any issues that arise during testing, production or use
• Create, use and maintain resource documentation for reference
• Identify, acquire and oversee management of financial, technical and personnel resources required to support security automation activities
• Review, approve, and oversee changes on cybersecurity policies and controls and their implication for automated activities
• Schedule and oversee security assessments and audits
• Oversee and manage vendor relations related to acquired IT security products and services
• Ensure security requirements are identified for all IT systems throughout their life cycle
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Assess threats and develop countermeasures and risk mitigation strategies against automated system vulnerabilities
• Perform risk analysis and testing whenever an automated system undergoes a change
• Develop, deliver, and oversee related cybersecurity training material and educational efforts related to role

Tools and Technology

• Threat and risk assessment tools and methodologies
• Protective and defensive systems including firewalls, anti-virus software and systems, intrusion detection and protection systems, scanners and alarms
• Security event and incident management systems and/or incident reporting systems and networks
• Authentication software and systems
• Vulnerability management processes and vulnerability assessment systems including penetration testing if used
• Security services provided if applicable
• Security testing and evaluation tools and techniques
• Process automation tools, techniques and procedures
• Applicable programming languages

Competencies

Advanced level of application of the following KSAs: 

• Process automation within a security setting
• API, automation and scripting languages
• SDN, NFV, and VNF functions
• Security engineering models
• Defining and communicating security approaches that support organizational requirements
• International security standards and compliance
• Security architecture concepts and enterprise architecture reference models
• Systems security during integration and configuration
• Security assessment and authorization processes
• Security testing and evaluation methodologies and processes
• Security across the system / software development lifecycle
• Vulnerability assessment and penetration testing methodologies and applications
• Systems and software testing and evaluation methodologies
• Evidence-based security design
• Developing and testing threat models
• Project management and security assessment throughout the project life-cycle
• Procurement processes and supply chain integrity assessments
• Advising on security requirements, policies, plans and activities
• Drafting and providing briefings and reports to different audience levels (users, managers, executives)

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education.

Typically follows formal education and 5-10 years’ experience in related IT engineering, systems design, or systems integration functions. Additional training, education and/or experience in process automation and related artificial intelligence/machine learning engineering activities.

Relevant cybersecurity training to support functions as a security engineer. 

Certifications. Relevant engineering or computer science degree with post graduate training or equivalent in systems automation, artificial learning or machine learning.

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Moderate experience (3-5 years) in security and associated systems design, integration, testing and support. Experience in programming and application testing. 2-3 years practical experience in automating system processes.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.