Job Title: MDR Security Engineer
Position Overview
Varonis MDR delivers 24x7x365 managed detection and response services, protecting customer data through advanced detection, investigation, and response at scale.
We are seeking an MDR Security Engineer to own and scale the automation layer that powers our global MDR operations. This role is responsible for building and operating production-grade automation systems that reduce manual workload, improve detection quality, and enable consistent, high-quality incident response.
The ideal candidate is a hands-on engineer with strong experience in SOAR platforms, security operations, and automation design, capable of driving measurable improvements in efficiency, reliability, and response outcomes across a high-volume SOC environment.
Responsibilities
- Maintain the design, development, and lifecycle of SOAR playbooks, workflows, and integrations across the MDR platform
- Build and operate production-grade automation systems supporting alert triage, enrichment, investigation, and response
- Define and drive automation strategy by identifying high-impact, high-volume SOC processes and scaling them through automation
- Develop integrations across SIEM, EDR/XDR, identity, cloud, and ticketing systems using APIs and scripting
- Partner with MDR analysts, IR, threat hunters, and engineering teams to translate operational workflows into scalable automation
- Improve detection and response quality through automation of enrichment, investigation, and containment workflows
- Contribute to incident response and RCAs by delivering tooling that improves investigation speed, accuracy, and consistency
- Evaluate and implement new automation capabilities, including AI-assisted workflows and data-driven decisioning
Monitoring, Metrics & Reliability Ownership
- Define and own automation KPIs, including:
  - Automation coverage (% of alerts handled or augmented)
  - MTTD / MTTR improvement
  - False positive reduction and signal-to-noise improvement
  - Analyst time saved and throughput increase
- Build and maintain dashboards and reporting to measure automation impact on SOC performance and SLAs
- Ensure production reliability and stability of automation systems, including:
  - Monitoring workflow success/failure rates and execution latency
  - Tracking integration and API health, errors, and retry behavior
  - Implementing logging, alerting, and observability across automation pipelines
- Continuously optimize workflows based on data, feedback, and operational performance to ensure consistent 24/7 MDR operation
Requirements
- 4+ years of experience in Security Operations, MDR, Incident Response, or Security Engineering
- 2–3+ years of hands-on experience with SOAR platforms and security automation
- Proven experience owning and operating production-grade automation workflows in a SOC/MDR environment
- Strong understanding of SOC operations, alert triage, escalation workflows, and incident response
- Experience with enterprise security technologies (SIEM, SOAR, EDR/XDR, IAM/AD)
- Strong scripting/development skills (Python, PowerShell, Bash) and experience building APIs and integrations
- Experience with CI/CD, version control (Git), and deploying automation at scale
- Strong analytical thinking and problem-solving skills with the ability to translate complex workflows into automation
- Excellent communication and collaboration skills across engineering and operations teams
Nice to Have
- Experience with AI-enhanced automation or large-scale workflow orchestration
- Experience in high-volume MDR/SOC environments
- Familiarity with threat hunting or detection engineering
What Success Looks Like
- Increased automation coverage across MDR workflows
- Measurable reduction in analyst workload and response times
- Improved consistency and quality of incident response
- Stable, reliable automation systems operating at scale
We invite you to check out our Instagram Page to gain further insight into the Varonis culture!
@VaronisLife
Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.