Design and build production-grade security automation and AI-assisted SOAR playbooks to convert detections into policy-driven responses. Integrate across identity, endpoint, network, cloud, and SaaS, embed guardrails, ensure measurable and auditable outcomes, and enable self-healing and resilient automation. Collaborate with platform owners and response teams and embed security controls into CI/CD and policy-as-code pipelines.
Description
At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW.
Job Summary
Design intelligent cyber defense. Automate response. Let security act at machine speed.
The Senior Security Engineer II - Security Automation, AI & Orchestration is a hands‑on, high‑impact role within the Enterprise Defense & Automation (EDA) team. You will engineer automation‑first, AI‑assisted security capabilities that transform detection signals into real‑time, policy‑driven response and control actions.
This role sits at the intersection of AI‑enabled security engineering and SOAR platforms. You'll help evolve security operations from "alert and investigate" to detect, decide, and act, reducing risk through scalable, resilient, and self‑healing automation.
This is a builder and problem‑solver role. You'll design and implement SOAR workflows, detection logic, and automated response playbooks, integrating AI/ML‑driven insights to improve signal fidelity, decisioning, and response outcomes across detection, response, and control planes. Your work will directly influence how threats are prevented, contained, and remediated at scale.
Success in this role requires strong security fundamentals, fluency across modern security platforms, and the ability to deliver production‑grade automation that operates reliably in real‑world, adversarial environments. If you're passionate about engineering intelligent security systems that think, respond, and defend autonomously, this role puts you at the forefront of modern cyber defense.
What you will do
Defense Automation Engineering (Primary)
* Design, build, and maintain automation workflows that move security from detect and notify to detect, decide, and act.
* Engineer reusable automation services and playbooks across identity, endpoint, network, cloud, and SaaS control planes.
* Implement guardrails for automation and AI-assisted capabilities (confidence thresholds, blast‑radius controls, rollback mechanisms).
* Develop custom integrations using Python, PowerShell, APIs, AI prompts, and event‑driven architectures.
Secure‑by‑Construction Engineering
* Design, build, and maintain automation workflows and AI-assisted capabilities that move security from detect and notify to detect, decide, and act.
* Engineer reusable automation services and playbooks across identity, endpoint, network, cloud, and SaaS control planes.
* Implement guardrails for automation and AI-assisted capabilities (confidence thresholds, blast‑radius controls, rollback mechanisms).
* Develop custom integrations within the security stack.
Signal‑to‑Action Orchestration
* Partner with the Cyber Defense Engineering and Response team to integrate high-quality signals suitable for automation.
* Map MITRE ATT&CK techniques to controls and automated responses once, then reuse globally.
* Orchestrate cross‑pillar responses (e.g., Identity → Endpoint → Network → Response).
* Ensure automation outcomes are measurable, auditable, and resilient.
Secure‑by‑Construction Engineering
* Embed security controls into CI/CD pipelines for Enterprise Defense & Automation authored content.
* Use policy-as-code, automate testing processes, and establish security gates that quickly block issues.
* Eliminate repeat findings through native auto‑remediation patterns.
Resilience & Self‑Healing Infrastructure
* Build automation that detects and corrects unsafe platform states without human intervention.
* Develop self‑healing scenarios such as: risky identity state (restrict, rotate, expire); endpoint degradation (auto‑repair or isolate); control drift (rollback to known‑good state).
Collaboration & Influence
* Collaborate closely with Cyber Security platform owners, Threat Detection Response analysts, and Business Unit owners.
* Contribute to shared backlogs and design reviews with clear ownership boundaries.
* Document automation patterns, standards, and engineering decisions.
What we expect of you
* Bachelor's degree and 7+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles, OR
* 11+ years of experience in cybersecurity engineering, detection engineering, or automation‑focused security roles.
* Strong experience with security automation, orchestration, or SOAR platforms.
* Proficiency in Python and/or PowerShell for production‑grade automation.
* Designing secure, observable, and maintainable AI‑enabled solutions
* Hands‑on experience with SIEM/XDR platforms and cloud‑scale security tooling.
* Practical working knowledge of the MITRE ATT&CK framework and mapping detections to controls.
* Built automation for large, diverse enterprise environments, a plus.
* Familiarity with platforms such as Microsoft Defender, Microsoft Sentinel, CrowdStrike, Palo Alto XSOAR/XSIAM, Azure AD/Entra ID, Splunk, a plus.
* Experience with CI/CD pipelines, infrastructure‑as‑code, and policy‑as‑code, a plus.
* Background in detection engineering, threat hunting, or incident response, a plus.
* Relevant certifications (GCIH, GCFA, Azure Security, cloud or automation certifications), a plus.
Pay range: $132,000 - $190,600 depending on experience and skill set
Annual bonus target of 10% subject to terms and conditions of plan
Benefits overview: [https://cdw.benefit-info.com/](https://cdw.benefit-info.com/)
Salary ranges may be subject to geographic differentials
We make technology work so people can do great things.
CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive.
CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.
CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, CDW's goal is to get to know you as an applicant and understand your experience, strengths, skills, and qualifications. While AI can help you present yourself more clearly and effectively, the essence of your application should be authentically yours. To learn more, please review [CDW's AI Applicant Notice](https://www.cdwjobs.com/pages/ai-applicant-notice).
Top Skills
Python, PowerShell, SOAR, Palo Alto XSOAR, XSIAM, SIEM, XDR, Microsoft Sentinel, Microsoft Defender, CrowdStrike, Azure AD, Entra ID, Splunk, APIs, AI/ML, Event-Driven Architecture, CI/CD, Infrastructure as Code, Policy-as-Code, MITRE ATT&CK

