athenahealthRemote
AI Security Automation Engineer
United States of America
Full Time
3 weeks ago
$96,000 - $162,000 USD
No H1B
Key skills
JavaScriptTypeScriptPythonAIAnalyticsAWSAzureIAMSDLCCI/CDCommunicationCollaborationOWASPCloud Security
About this role
athenahealth is working to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all. The AI Security Automation Engineer will focus on embedding security into the SDLC and improving DevSecOps efficiency through automation, analytics, and AI-assisted tooling.
Responsibilities:
- Integrate security controls and automated testing into delivery pipelines and SDLC workflows in partnership with engineering, platform, and product teams
- Design, implement, and maintain automation for SAST, DAST (web and API), SCA, and secrets scanning to accelerate detection and remediation
- Build pipeline-integrated security controls and orchestration in CI/CD systems (including Harness and related build/deploy workflows)
- Create and maintain automated triage workflows and integrations (IDE and server-side) to prioritize findings and drive standardized remediation playbooks
- Tune analysis pipelines and security rules to reduce false positives and operational noise
- Automate identification of affected assets and dependency impact across inventory sources and dependency graphs to speed critical vulnerability response
- Produce and maintain runbooks, playbooks, and documentation for recurring findings, remediation steps, and operational processes
- Support the security exception process: documentation, approvals, and lifecycle tracking
- Evaluate and integrate AI-assisted security tools into workflows; assess output quality, document limitations, and define safe usage and review practices
- Develop unit tests, demos, and user-facing documentation to validate security automations and demonstrate value to engineering teams
- Participate in incident response and post-incident analysis to expand detection and automation coverage
- Prototype and evaluate new security tooling or integration approaches to improve operational efficiency
- Contribute to internal training and knowledge sharing on security automation best practices
- Collaborate with cloud/infrastructure teams to ensure controls operate effectively in cloud environments
- Support security assessments and audits by producing necessary artifacts and evidence
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience
- Strong knowledge of web and application security fundamentals (OWASP Top 10 and related risk models)
- Hands-on experience with SAST, DAST, SCA, or secrets scanning tools in production environments
- Experience integrating security tooling into CI/CD and modern development workflows (pull requests, pipeline integrations)
- Proficiency in at least one automation language (Python, JavaScript/TypeScript, or similar) and experience writing unit tests for automation code
- Practical experience with cloud platforms (AWS or Azure) and cloud security fundamentals (IAM, networking, logging/monitoring)
- Experience building CI/CD-integrated controls and automation; familiarity with Harness is a plus
- Strong collaboration and communication skills; proven ability to work cross-functionally with engineering and platform teams
- Experience producing runbooks, demos, and user documentation for technical audiences
- Experience with software supply chain security practices and relevant tooling
- Background in agent-based or IDE integrations that assist or automate remediation workflows
- Familiarity with observability and monitoring systems used to validate security automations