Senior Security Automation & Remediation Engineer
Upwork | US | Budget: Not specified | Level: Intermediate | Score: 56
Skills: Digital Forensics, SOC 1, SOC 1 Report, Splunk, Elasticsearch, Cybersecurity Tool, Network Analysis, Network Security, Wireshark, Incident Response Plan, Security Analysis, Information Security, Vulnerability Assessment, NIST Cybersecurity Framework, Risk Analysis
Seeking a senior-level security engineer responsible for designing and implementing cross-platform remediation playbooks in multi-vendor environments.
This role focuses on transforming detection signals into structured containment and recovery workflows across endpoint, identity, email, and cloud systems.
The ideal candidate thinks in behavior-driven response, not tool-specific reaction.
⸻
Core Responsibilities
Playbook Design
• Translate detection scenarios into structured decision trees
• Define enrichment, validation, containment, remediation, and recovery stages
• Implement risk-based branching logic
• Ensure playbooks are behavior-driven rather than vendor-locked
⸻
Cross-Platform Remediation
Must be capable of performing and automating containment across:
• SentinelOne
• CrowdStrike
• Microsoft Defender and Microsoft 365
• VMware Carbon Black
Remediation actions include:
• Endpoint isolation
• Process termination
• Hash and indicator blocking
• Session revocation
• Forced credential reset
• Removal of malicious inbox rules
• OAuth token revocation
• Conditional access enforcement
⸻
Automation & Orchestration
• Integrate multiple security platforms using REST APIs
• Build automation using Python or similar scripting languages
• Implement structured logic with branching conditions
• Develop guardrails to prevent unsafe automated actions
• Normalize containment logic across different vendor platforms
⸻
Identity & Email Security Response
• Investigate and remediate suspicious sign-in activity
• Revoke active sessions
• Remove malicious mail flow or inbox rules
• Manage token abuse and OAuth misuse
• Coordinate identity containment with endpoint containment
⸻
Multi-Tenant Operational Safety
• Design remediation workflows that operate safely in MSP environments
• Prevent automated actions from disrupting critical infrastructure
• Define automation confidence thresholds
• Implement human approval checkpoints where required
⸻
Performance & Optimization
• Identify repetitive manual response actions suitable for automation
• Reduce manual SOC workload
• Improve containment speed and measurable MTTR
• Establish remediation metrics and tracking
⸻
Required Qualifications
• 5+ years in security operations, incident response, or security engineering
• Hands-on experience with at least two major EDR platforms
• Strong understanding of Microsoft 365 security and identity controls
• Experience working with APIs and automation scripting
• Experience building or maintaining response playbooks
⸻
Preferred Qualifications
• Experience in multi-vendor environments
• Experience in MSP or MSSP operations
• Familiarity with SOAR platforms
• Strong understanding of identity-based attack patterns
• Ability to design vendor-agnostic remediation frameworks
⸻
What This Role Is Not
• Not a Tier 1 alert triage position
• Not a ticket escalation role
• Not purely monitoring
This role builds the enforcement layer behind detection.
Client: Spent $323,225.51 | Rating: 5.0 | Verified