Security Automation Engineer

Job Number: R50012676

Brand: Fox Corporation

Job Type: Engineering, Product Management / User Experience / Content, Security, Technology

Location: Los Angeles, California; Home Office, California

Job Posting Date: October 16, 2020

Fox Corporation logo


Fox Corporation

Under the FOX banner, we produce and distribute content through some of the world’s leading and most valued brands, including: FOX News, FOX Sports, the Fox Network, and the FOX Television Stations. We empower a diverse range of creators to imagine and develop culturally significant content, while building an organization that thrives on creative ideas, operational expertise and strategic thinking.


Are you ready to join a more agile company ready to rapidly innovate and build new products? Fox is building an innovative security operations platform and is looking for a Security Automation Engineer to elevate our SOC workflows, tooling, detections, and mitigation techniques. We believe automation is king and our goal is to automate security operations everywhere we can.

A core focus for this role will be on driving the automation and codification of resources to modernize the security infrastructure. We are interested in someone who is willing to challenge the status quo. How can we apply threat modeling to daily security operations? How can we automate security remediations? What open source technology is available that can be applied as part of our toolset? How can we drive a “zero-trust” methodology throughout the business? Have an opinion on DevSecOps? Bring it to the table!

This position can be based in Los Angeles or remotely.


  • Develop our custom Security Orchestration, Automation and Response (SOAR) framework to automate the SOC workflow of the SecOps team; which includes alert triaging, ticketing, reporting, paging and mitigation

  • Develop automation tools for incident response, which includes automated containment and mitigation of threats; enhancing our detection and investigation capabilities with threat correlations and intelligence; and integrate situational awareness of system intrusions

  • Apply knowledge of monitoring, analyzing, detecting, and responding to Cyber events to develop clever, efficient methods and technology to triage all the various incident types and to weaponize our threat hunting capabilities

  • Work closely with operations teams to develop and integrate custom playbooks, use cases and workflows that will be adopted across the SecOps team and the entire organization

  • Aid in the investigation and triaging of major incidents

  • Work with other developers on the InfoSec team on a variety of security automation projects (e.g. code analysis, vulnerability triaging, etc.)

  • Contribute to the deployment of deception technology (e.g. honeypots, honey hashes) across both enterprise and cloud environments

  • Evaluate cutting edge security technologies, create proof-of-concepts and drive them towards adoption

  • Develop schemes and technology to secure and monitor new technologies as we adopt them

  • Create resources, documentation, and training materials to help both the security operations and development engineering teams

  • Provide mentorship and guidance to internal teams


  • Highly proficient developer in multiple programming and scripting languages (e.g. Python, Go, Powershell, JavaScript, bash, etc.) with experience in API development and integration

  • 2+ years of hands-on software development experience and/or 2+ years developing custom SOAR platforms and security automation

  • 2+ years of experience working with Incident Response or Security Operations Center (SOC) teams triaging for IT enterprise (email, endpoint security, firewalls, network security, IPS/IDS, etc.) and cloud environments

  • Develop proficiently in an AWS cloud environment (e.g. ECS, Lambda, Step Functions, RDS, etc.)

  • Solid grasp of cloud security concepts and best practices

  • Strong ability to learn and research new things, including tools, languages, frameworks, etc.

  • Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to a high-level audience and training

  • A collaborative mindset that thrives in fast-paced environments

Nice to Have

  • BS or MS in Computer Science, Engineering or Information Systems Management with a Security concentration; or 4+ years of experience in development or Cyber work

  • Previous experience with cybersecurity: SIEM, IPS/IDS, HIDS/NIDS, Networking, WAFs, Edge/endpoint security, DNS security, Cryptography, layered security, defense in depth practices

  • AWS Certifications (e.g. AWS Certified Developer Associate, AWS SysOps Administrator, AWS Certified Solutions Architect, AWS Certified Security Specialty, AWS Advanced Networking Specialty)

  • Security certifications (CompTIA Net+, CompTIA A+, CompTIA Security+, GIAC Certified Incident Handler (GCIH), or EC-Council Certified Incident Handler (ECIH) Certification)

  • Familiarity with DevOps practices, including CI/CD pipelines and tools (e.g. Jenkins)

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law. We will consider for employment qualified applicants with criminal histories consistent with applicable law.