Based in Akron, Ohio, FirstEnergy is an electric utility that has become a leading diversified energy company. As an employer, the company strives to build a diverse team of forwar
Cybersecurity Automation Developer
Location: United States
Posted: 53 days ago
Salary: 0
Seniority: Mid Level
Job Description
FirstEnergy
FirstEnergy at a Glance

We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers’ lives brighter, the environment better and our communities stronger. FirstEnergy (NYSE: FE) is dedicated to safety, reliability, and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,500 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of 3,780 megawatts.

This position is within FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. This position is in Akron, Ohio, reporting to the Supv of Threat Hunting, but has remote work opportunities while the person must be able to reach the FirstEnergy HQ facility based on business need within one hour travel time. This position may, subject to conditions and availability, qualify to be filled under the same terms but reporting to a regional office in Greensburg PA, Reading PA, Fairmont WV, Holmdel NJ, or Holland (Toledo) OH.

The Cybersecurity Automation Developer is responsible for designing, developing, and maintaining automated solutions that scale and mature the organization’s security operations. This role enhances threat detection and accelerates incident response. A primary focus will be reducing manual workloads through automation, standardized playbooks, and repeatable engineering practices. This role designs and implements automation frameworks for functions including alert triage, incident response and threat hunting. The Cybersecurity Automation Developer will develop and maintain playbooks and workflows within the SOAR, integrating tools including SIEM and EDR into cohesive automated pipelines.

The Cybersecurity Automation Developer will lead initiatives to streamline security monitoring and remediation, create scalable scripting and orchestration solutions using Python, PowerShell, and JavaScript, and leverage APIs and data pipelines to normalize and correlate telemetry from multiple security sources. The Cybersecurity Automation Developer will analyze complex security datasets to identify gaps and opportunities, tune automated processes to reduce false positives, and support advanced detection through analytics and emerging technologies. Additionally, this position provides technical leadership by defining an automation strategy, mentoring junior developers, supporting vendor relationships, and contributing to architecture and lifecycle decisions. Strong communication skills, sound engineering judgment, and the ability to translate technical requirements into practical, scaled solutions are essential for success.

Responsibilities Include

- Design, develop, and maintain automated security workflows that streamline SOC and Threat Hunting operations, reduce manual effort, and accelerate incident detection, response, and remediation
- Lead expert-level development, tuning, and lifecycle management of SOAR playbooks to automate alert triage, enrichment, containment, and response processes
- Identify, troubleshoot, and remediate playbook failures, integration issues, and automation errors, performing break-fix and tuning activities prior to production deployment
- Architect and maintain integrations between SOAR, SIEM, EDR, and third-party security tools using APIs and custom scripting to ensure reliable data ingestion and orchestration
- Develop custom automation scripts and integrations in Python and JavaScript to extend platform capabilities and address unique SOC and enterprise security requirements
- Create and maintain dashboards, reports, and metrics to provide visibility into automation performance and effectiveness
- Install, validate, and deploy content packs and updates, following change management best practices to promote stable releases from development through production
- Serve as the primary subject matter expert (SME) for the SOAR and security automation platforms, providing technical guidance, troubleshooting, and consulting support to the SOC and Threat Hunting teams
- Design and maintain scalable automation frameworks and data pipelines to normalize, correlate, and enrich security telemetry across enterprise and cloud environments
- Monitor and manage platform health, internal databases, and system performance to ensure reliability, data integrity, and continuous availability of automation services
- Lead vendor engagement and support activities, including ticket management, platform optimization discussions, and roadmap alignment with Customer Success Engineers
- Continuously evaluate and improve automation processes to reduce false positives, eliminate repetitive tasks, and increase efficiency and response quality
- Document standards, playbook designs, troubleshooting procedures, and best practices to promote knowledge sharing and operational consistency across the team
- Educate and mentor threat hunters and analysts on automation tools, workflows, and best practices to elevate overall SOC effectiveness
- Support metrics collection, reporting, and operational communications to leadership and stakeholders

Qualifications

- Bachelor's degree in Computer Science, Information Security, or similar discipline is required with 3 years of experience
- Industry standard certifications will be considered such as OSCP, GIAC (GCTI, GCIH, GREM, GCFA, GPYC, GASAE, GCSA), CISSP and HTB CPTS
- A bachelor's degree in another field with 4 years relevant industry experience in cyber/information security will be considered
- In lieu of a degree, 5 years of related experience is required
- Related experience includes but is not limited to: SOC (Security Operations Center) experience, IT Security experience in detection, triage, investigation, and remediation of security incidents within a network and cyber automation engineer
- Understanding of adversarial techniques (i.e., MITRE ATT&CK framework)
- Strong understanding of programming/scripting code (Python, PowerShell, Bash, C#, JavaScript)
- Hands-on administration and engineering experience with SOAR (e.g., Cortex XSOAR, Splunk SOAR, Sentinel) platforms including advanced playbook design, integration management, and production support
- Experience troubleshooting and remediating automation failures, playbook errors, and platform performance issues in production environments
- Experience integrating security technologies (SIEM, EDR, IAM, firewalls, cloud tools) through REST APIs and automated data pipelines
- Ability to create, detect, and enhance security content
- Ability to develop and maintain automation playbooks and workflows
- Ability to handle, protect and preserve highly confidential information
- Understanding of networking concepts and technologies
- Basic understanding of statistics
- Must be organized and comfortable with ongoing changes in priorities
- Must be able to work independently with minimal supervision and within a team environment
- Strong foundation in cyber security
- Understanding of both Linux and Windows operating systems
- Demonstrate strong communication skills, both verbal and written
- Demonstrate creative problem solving and solutioning

Benefits, Compensation & Workforce Diversity

At FirstEnergy, employees are key to our success. We depend on their talents to meet the challenges of our changing business environment. We are committed to rewarding individual and team efforts through our total rewards philosophy which includes competitive pay plus incentive compensation, a company-sponsored pension plan, 401(k) savings plan with matching employer contribution, a choice of medical, prescription drug, dental, vision, and life insurance programs, as well as skills development training with tuition reimbursement. Please visit our website at www.firstenergycorp.com to learn more about all of our employee rewards programs.

FirstEnergy proudly supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with a disability. No recruiters or agencies without a previously signed contract. Unable to sponsor or transfer H-1B visas at this time.

Safety

Safety is a core value for FirstEnergy and is essential to all of our business activities. We ensure employees have the tools, information, and processes to perform their duties in a manner that assures safety for themselves, their co-workers, our customers and the public. Our goals are to provide a safe work environment, to maintain an accident-free, injury-free workplace, and to promote and maintain public safety. To meet these goals, we dedicate ourselves to achieving world-class safety standards.

Position Classification

Exempt

FirstEnergy Human Resources Team
More Security Engineer Jobs
• Manage Leads: You will handle all incoming inquiries, remove spam, and turn valid leads into support tickets using our client's system.
• Customer Communication: You will talk to customers to understand their needs and provide information to help them find the right products.
• Prepare Quotes and Invoices: You will assist in creating quotes and invoices, making sure they are correct and sent to customers on time.
• Track Orders: You will check order statuses, update customers, and work with fulfillment centers to ensure timely shipping.
• Support Team: You will help create training materials and assist new team members during their onboarding.

• Own and manage the product backlog for OT Cybersecurity & Connectivity services, ensuring clear priorities and continuous delivery
• Drive the rollout and improvement of OT security solutions, including threat detection and secure connectivity across global sites
• Coordinate the integration of OT security tools with corporate platforms (e.g., SIEM, identity, remote access)
• Act as the main point of contact between plants, security teams, SOC, and infrastructure, ensuring alignment and clear communication
• Collect and prioritize requests, improvements, and deployments from different sites and stakeholders
• Support the definition of roadmaps and product strategy, based on business needs and security requirements
• Track progress, risks, and dependencies, ensuring transparency and structured delivery across initiatives

Secureworks Network Security Engineer - TS/SCI (pending contract award)
CDW

CDW Corporation is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. For more information about CDW, please visit www.CDW.com. Our broad array of products and services range from hardware and software to integrated IT solutions such as security, cloud, hybrid infrastructure and digital experience.

Description

At CDW, we make it happen, together. Trust, connection, and commitment are at the heart of how we work together to deliver for our customers. It's why we're coworkers, not just employees. Coworkers who genuinely believe in supporting our customers and one another. We collectively forge our path forward with a level of commitment that speaks to who we are and where we're headed. We're proud to share our story and Make Amazing Happen at CDW.

Job Summary: This is a pre-award, contingent position supporting a proposed effort for CDW's federal client and must be able to work fully on-site in Suitland, MD. The Cisco Network Security Engineer is being identified to meet anticipated contract requirements and will not perform operational, engineering, or execution duties prior to contract award. Selection into this role reflects the candidate's qualifications, availability, and eligibility to support the program upon award.

What you will do:
* Design, implement, and support secure Cisco network and security architectures in classified environments
* Support Cisco security platforms including ISE, firewalls, routers, switches, and secure access technologies
* Integrate Secureworks managed security services and monitoring capabilities
* Ensure compliance with DoD, Intelligence Community cybersecurity standards
* Develop and maintain technical documentation and network diagrams

What we expect of you:
* Active TS/SCI clearance
* Bachelor's degree in computer science, Engineering, Cybersecurity, or relevant field (or equivalent experience), 5+ years of experience with Cisco network and security technologies OR, 9 years of experience with Cisco network and security technologies OR
* Familiarity with Secureworks security services or managed security solutions
* Experience supporting DoD or Intelligence Community environments
* Cisco certifications (CCNP Security, CCIE Security, or equivalent), a plus
* Security certifications such as CISSP or related credentials, a plus
* Prior experience supporting Intelligence or similar IC customers, a plus

CDW is committed to being an AI-fluent organization

We're looking for people who bring curiosity, a learner's mindset, and a willingness to engage with ever-evolving technology and tools. We value adopting AI as a partner, openness to experimentation, and a shared interest in learning together on AI. Our goal is to create a culture where AI enhances, not replaces, human creativity and decision-making. You don't need to be an expert today; what matters is your readiness to explore, adapt, and grow with us as we integrate AI responsibly and effectively into our work. Additionally, CDW is committed to fostering an equitable, transparent, and respectful hiring process for all applicants. During our application process, our goal is to understand your experience, strengths, skills, and qualifications. As an AI forward company, we see AI not just as a tool, but as a catalyst for new ways of thinking, creating, and communicating. We encourage candidates to embrace an AI mindset, one that's curious, adaptive, and ready to explore what's possible. We welcome thoughtful use of AI to expand your perspective and elevate how you share your story, while ensuring your application remains rooted in your own background, judgment, and voice.

We make technology work so people can do great things.

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. Together, we unite. Together, we win. Together, we thrive. CDW is an equal opportunity employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status or any other basis prohibited by state and local law.

• Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders.
• Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements.
• Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.
• Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.




