Security Automation Engineer, 18-month Term

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Technology, or equivalent practical experience.
• 5–7+ years of experience in security engineering, site reliability engineering (SRE), or software engineering with a strong security focus.
• Strong software engineering mindset with the ability to design, build, and operate production systems.
• Proven ability to balance security rigor with delivery speed and business outcomes.
• Experience operating production‑grade systems with uptime, telemetry, and reliability requirements.
• Strong collaboration skills with a demonstrated ability to enable engineering teams rather than block delivery.
• Excellent written and verbal communication skills, with the ability to clearly articulate complex technical concepts.
• Ability to work effectively in a fast‑paced, global environment with shifting priorities.
• Strong software engineering skills: Python (preferred), Go or Java; REST APIs; event‑driven systems.
• Infrastructure as Code (Terraform, CloudFormation etc.) with policy‑as‑code enforcement.
• Strong knowledge of CI/CD security automation (GitHub Actions, Azure DevOps, GitLab).
• Hands-on experience with Kubernetes security (admission control, PSS, network policy, signing, runtime security).
• GitHub Enterprise security configuration and automation.
• Databricks security architecture and automation.
• AI / LLM workload security and usage controls.
• Vulnerability management automation and remediation pipelines.
• Identity‑first security (IAM, workload identity, key & secret lifecycle).

Nice To Haves

• CCSP
• CISSP
• CKS
• Azure or GCP Security Specialty
• GIAC certifications relevant to cloud or automation security

Responsibilities

• Design and implement event-driven, API-first security automation for detection, response, and preventative controls.
• Build reusable automation frameworks and libraries to enforce security standards across environments.
• Replace manual security processes with code, workflows, and orchestration integrated into enterprise platforms.
• Enforce security guardrails via policy‑as‑code (OPA/Gatekeeper, Terraform, Sentinel, cloud-native policy engines).
• Automate scanning, validation, approval gates, and auto-remediation for IaC drift and misconfigurations.
• Develop secure, IaC modules that embed security by default.
• Automate cluster and workload hardening (RBAC validation, admission control, policy enforcement).
• Integrate image scanning, signing, and deployment validation into CI/CD.
• Automate runtime signal collection and response for container workloads.
• Embed security automation into CI/CD pipelines (SAST, SCA, DAST, secrets detection, IaC scanning).
• Implement policy‑based gates and automated failure handling.
• Automate SBOM generation, artifact signing, provenance checks, and attestation enforcement.
• Automate GitHub Enterprise security controls: including repository standards, branch protections, code scanning, secret scanning, and dependency management.
• Enforce least‑privilege access and token hygiene via automation.
• Integrate GitHub security telemetry into SIEM and SOAR pipelines.
• Automate Databricks workspace and cluster security (policies, permissions, secret scopes, token lifecycle).
• Enforce data access guardrails and monitor for anomalous behavior.
• Integrate Databricks telemetry into centralized logging and detection systems.
• Build automated pipelines that prioritize, route, and remediate vulnerabilities based on risk context.
• Integrate vulnerability data with ticketing, CI/CD, and config management systems.
• Develop self‑service remediation workflows for engineering teams.
• Design and develop SOAR playbooks and automations for common and high‑impact security events.
• Integrate signals from cloud platforms, endpoints, identity systems, Kubernetes, and CI/CD into SIEM.
• Continuously tune detections to improve signal quality, reduce noise, and support analyst efficiency.
• Embed automated security checks into change management workflows, including pre‑change validation and post‑change verification.

Benefits

• Flexible vacation and Kinaxis Days (company-wide days off)
• Flexible work options
• Physical and mental well-being programs
• Regularly scheduled virtual fitness classes
• Mentorship programs, training, and career development
• Recognition programs and referral rewards
• Hackathons