Security Automation Engineer
First Merchants Corporation · Columbus, KY · 2 wk ago
EngineeringFull-time
About the role
This position is responsible for designing, engineering, and governing automated vulnerability remediation execution across the enterprise. The role owns the end-to-end remediation system, including automation, orchestration, validation, and reporting.
Responsibilities
- Design and implement event-driven automated workflows that leverage AI and scripting to drive remediation across endpoints, servers, networks, applications, and cloud platforms.
- Integrate vulnerability scanning tools, ticketing systems, and change management platforms into cohesive, low-friction remediation pipelines.
- Reduce manual handoffs and execution variance through automation-first remediation models.
- Evaluate and integrate AI-assisted triage and prioritization capabilities to support compressed remediation timelines.
- Eliminate manual ticket routing and approval dependencies for pre-approved remediation scenarios.
- Create and maintain standardized remediation playbooks by platform and asset class (endpoints, servers, network, cloud, applications).
- Build playbooks that enable autonomous execution without human intervention.
- Ensure playbooks account for scenarios where patching cannot meet SLA windows, providing fallback mitigation workflows (containment, isolation, configuration controls) as valid operational alternatives.
- Own remediation tracking, validation scanning, re-scan scheduling, and formal closure across all asset classes.
- Partner with execution teams to identify and resolve systemic blockers to remediation.
- Partner with Cyber to maintain enterprise-wide visibility into remediation status and proactively escalate aging items.
- Produce audit-ready remediation evidence as part of automated workflows.
- Support regulatory and audit requirements (FFIEC, GLBA, PCI-DSS, SOX).
- Administer and optimize integrations between vulnerability scanning platforms, ITSM systems, and automation tooling.
- Evaluate emerging tools and capabilities to improve remediation velocity, coverage, and automation breadth.
- Serve as a subject-matter expert on remediation tooling for IT Operations and Cyber/Information Security teams.
- Define, track, and report on key remediation KPIs: Mean Time to Remediate (MTTR), SLA compliance rate, backlog aging, and automation coverage.
- Identify recurring remediation failures and engineer durable solutions that reduce or eliminate manual intervention.
- Present remediation program metrics and maturity updates to IT Operations and Information Security leadership on a regular cadence.
Requirements
- A High School Diploma or equivalent (GED).
- At least five (5) years of experience in infrastructure engineering, security operations, or IT operations within a regulated enterprise environment.
- At least two (2) years of experience with API-based integrations, SOAR platforms, automation frameworks, and building and operating automation or orchestration workflows in an enterprise context.
- At least two (2) years of hands-on experience with enterprise vulnerability management and scanning platforms (Crowdstrike VM, Tenable.io/Nessus, Qualys, or Rapid7 InsightVM).
Qualifications
- Bachelor’s degree in computer science, security, or a related field.
- Industry certifications: CISSP, CompTIA Security+, CEH, GIAC GPEN, or equivalent.
- Experience evaluating or operating AI-assisted security tooling and an ability to govern AI use in a compliance-sensitive context.
- Previous experience in banking, financial services, or another heavily regulated industry.
- Experience with ITSM and ticketing platforms.
- Proficiency in scripting and automation (Python, PowerShell, Ansible, or equivalent).
- Strong working knowledge of vulnerability management lifecycles, CVSS scoring, and remediation prioritization strategies.
- Proven ability to influence and coordinate cross-functional teams without direct management authority.
- Excellent written and verbal communication skills.
Skills
- API-based integrations
- SOAR platforms
- Automation frameworks
- Enterprise vulnerability management and scanning platforms
- AI-assisted security tooling
- ITSM and ticketing platforms
- Scripting and automation (Python, PowerShell, Ansible, or equivalent)
- Vulnerability management lifecycles, CVSS scoring, and remediation prioritization strategies
Benefits
- Medical, Dental and Vision Insurance
- 401(k)
- Health Savings and Flexible Spending Accounts
- Vacation/Sick Time
- Paid Holidays
- Paid Parental Leave
- Tuition Reimbursement
Pay
Base Pay PLUS Bonuses
Schedule
Full-time