MDR Security Engineer
TLDR
Own and scale automation powering a 24x7 MDR operation, building production-grade SOAR workflows to reduce manual toil and improve detection and incident response.
- Maintain the design, development, and lifecycle of SOAR playbooks, workflows, and integrations across the MDR platform
- Build and operate production-grade automation systems supporting alert triage, enrichment, investigation, and response
- Define and drive automation strategy by identifying high-impact, high-volume SOC processes and scaling them through automation
- Develop integrations across SIEM, EDR/XDR, identity, cloud, and ticketing systems using APIs and scripting
- Partner with MDR analysts, IR, threat hunters, and engineering teams to translate operational workflows into scalable automation
- Improve detection and response quality through automation of enrichment, investigation, and containment workflows
- Contribute to incident response and RCAs by delivering tooling that improves investigation speed, accuracy, and consistency
- Evaluate and implement new automation capabilities, including AI-assisted workflows and data-driven decisioning
- Define and own automation KPIs, including:
  - Automation coverage (% of alerts handled or augmented)
  - MTTD / MTTR improvement
  - False positive reduction and signal-to-noise improvement
  - Analyst time saved and throughput increase
- Build and maintain dashboards and reporting to measure automation impact on SOC performance and SLAs
- Ensure production reliability and stability of automation systems, including:
  - Monitoring workflow success/failure rates and execution latency
  - Tracking integration and API health, errors, and retry behavior
  - Implementing logging, alerting, and observability across automation pipelines
- Continuously optimize workflows based on data, feedback, and operational performance to ensure consistent 24/7 MDR operation
- 4+ years of experience in Security Operations, MDR, Incident Response, or Security Engineering
- 2–3+ years of hands-on experience with SOAR platforms and security automation
- Proven experience owning and operating production-grade automation workflows in a SOC/MDR environment
- Strong understanding of SOC operations, alert triage, escalation workflows, and incident response
- Experience with enterprise security technologies (SIEM, SOAR, EDR/XDR, IAM/AD)
- Strong scripting/development skills (Python, PowerShell, Bash) and experience building APIs and integrations
- Experience with CI/CD, version control (Git), and deploying automation at scale
- Strong analytical thinking and problem-solving skills with the ability to translate complex workflows into automation
- Excellent communication and collaboration skills across engineering and operations teams
- Experience with AI-enhanced automation or large-scale workflow orchestration
- Experience in high-volume MDR/SOC environments
- Familiarity with threat hunting or detection engineering
- Increased automation coverage across MDR workflows
- Measurable reduction in analyst workload and response times
- Improved consistency and quality of incident response
- Stable, reliable automation systems operating at scale
Benefits
Remote-Friendly
We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.
Varonis builds advanced data security solutions that empower organizations to detect insider threats and ensure secure data access. Targeting enterprises navigating complex data environments, their cloud-native Data Security Platform automates threat detection and data classification, providing peace of mind in a landscape where data protection is paramount.
- Founded: 2005
- Employees: 500+
- Industry: Internet Software & Services