Security Automation Engineer (Autonomous Workflow)

BMO•Toronto, ON

1d•CA$82,800 - CA$154,800•Onsite

About The Position

We are building a modern, automation-first Security Operations capability focused on real-time detection and response to cyber threats where the majority of alerts are automatically enriched, triaged, or resolved with minimal analyst intervention. This role goes beyond traditional automation engineering. You will design and build autonomous workflows that combine detection logic, automation, and AI-assisted development into scalable, repeatable systems. Our team was tasked to reduce the investigation time and empower SOC analysts with qualitative and enriched alerts, giving them back the time they need to hunt real threats. Our current philisophy is to prioritize practical delivery over perfect initial solution—leveraging SOAR, Power-automate and GitHub Copilot to collaborate, experiment, and ship high-impact solutions quickly.

Requirements

Typically a post-secondary degree in Computer Science, Engineering, Information Systems, Information Security and between 2-4 years of relevant experience in either Security automation OR AI powered program development OR Detection engineering environments.
Proven ability to build and ship automation end-to-end.
Experience integrating systems via APIs (REST/JSON, auth patterns).
Hands-on GitHub experience (PRs, branching, collaboration).
Daily use (or strong experience) with GitHub Copilot or similar AI coding tools.
Ability to work in ambiguous, evolving environments and still deliver solutions.

Nice To Haves

Experience designing AI-driven workflows or agent-style systems.
Understanding of Prompt design coupled with structured output as well as orchestration patterns (multi-step, validation loops, fallback, retry).
Ability to combine AI capabilities with deterministic logic (Python, rules, validation layers).
Strong intuition to distinguish when AI adds value vs when it adds risk or cost.

Responsibilities

Build Autonomous Security Workflows: Design, produce and manage end-to-end automation that enhance detection via enrichment, triage, response, containment or auto closure.
Navigate across multiple security platforms (ServiceNow, Splunk ES, CrowdStrike) to improve signal to noise ratio and reduce mean time to respond and contain.
AI-Driven Workflow Development: Design LLM-generated & enriched workflows combined with deterministic logic for reliability across multiple stacks (Splunk SOAR playbooks, Python scripts, Power Automate).
Build multi-step, agent-like flows that enrich alerts, validate data, and support automated triage decisions.
Apply detection-as-code principles such as version-controlled workflows, CI/CD pipelines, testing, validation, and peer review.
Collaboratively build resilient and audit ready solutions.
Partner with detection engineers and SOC analysts to operationalize detections with automation workflows and improve triage speed and response consistency.
Use GitHub Copilot daily to accelerate development and prototyping.
Apply strong judgment on when to use LLM-based vs traditional code and how to ensure outputs are reliable, auditable, and repeatable.
Collaborate primarily through GitHub (repos, PRs, code reviews) as the single source of truth, as well as shared libraries, reusable workflow patterns, agent/workflow templates.
Solve Complex Integration Problems: Reverse-engineer APIs and integrations when documentation is limited.
Handle real-world challenges related to Authentication (OAuth, tokens), pagination, retries, rate limits, data normalization and enrichment.
Support building and maintaining an automation library and a stable automation platform.
Design workflows resilient to API failures, partial data, third-party instability.