Key skills
PythonJavaGoAILLMDatabricksAzureGCPTerraformKubernetesGitHub ActionsCloudFormationIAMAzure DevOpsGitHubGitLabRepositoryCI/CDChange ManagementCommunicationCollaboration
About this role
Kinaxis is a global leader in modern supply chain orchestration, and they are seeking a Security Automation Engineer to design, build, and operate automated security capabilities across a hybrid enterprise environment. The role focuses on eliminating manual security efforts by embedding security guardrails, detections, and remediation directly into platforms, pipelines, and operational workflows.
Responsibilities:
- Design and implement event-driven, API-first security automation for detection, response, and preventative controls
- Build reusable automation frameworks and libraries to enforce security standards across environments
- Replace manual security processes with code, workflows, and orchestration integrated into enterprise platforms
- Enforce security guardrails via policy‑as‑code (OPA/Gatekeeper, Terraform, Sentinel, cloud-native policy engines)
- Automate scanning, validation, approval gates, and auto-remediation for IaC drift and misconfigurations
- Develop secure, IaC modules that embed security by default
- Automate cluster and workload hardening (RBAC validation, admission control, policy enforcement)
- Integrate image scanning, signing, and deployment validation into CI/CD
- Automate runtime signal collection and response for container workloads CI/CD & Software Supply Chain Security
- Embed security automation into CI/CD pipelines (SAST, SCA, DAST, secrets detection, IaC scanning)
- Implement policy‑based gates and automated failure handling
- Automate SBOM generation, artifact signing, provenance checks, and attestation enforcement
- Automate GitHub Enterprise security controls: including repository standards, branch protections, code scanning, secret scanning, and dependency management
- Enforce least‑privilege access and token hygiene via automation
- Integrate GitHub security telemetry into SIEM and SOAR pipelines
- Automate Databricks workspace and cluster security (policies, permissions, secret scopes, token lifecycle)
- Enforce data access guardrails and monitor for anomalous behavior
- Integrate Databricks telemetry into centralized logging and detection systems
- Build automated pipelines that prioritize, route, and remediate vulnerabilities based on risk context
- Integrate vulnerability data with ticketing, CI/CD, and config management systems
- Develop self‑service remediation workflows for engineering teams
- Design and develop SOAR playbooks and automations for common and high‑impact security events
- Integrate signals from cloud platforms, endpoints, identity systems, Kubernetes, and CI/CD into SIEM
- Continuously tune detections to improve signal quality, reduce noise, and support analyst efficiency
- Embed automated security checks into change management workflows, including pre‑change validation and post‑change verification
Requirements:
- Bachelor's degree in Information Security, Computer Science, Information Technology, or equivalent practical experience
- 5–7+ years of experience in security engineering, site reliability engineering (SRE), or software engineering with a strong security focus
- Strong software engineering mindset with the ability to design, build, and operate production systems
- Proven ability to balance security rigor with delivery speed and business outcomes
- Experience operating production‑grade systems with uptime, telemetry, and reliability requirements
- Strong collaboration skills with a demonstrated ability to enable engineering teams rather than block delivery
- Excellent written and verbal communication skills, with the ability to clearly articulate complex technical concepts
- Ability to work effectively in a fast‑paced, global environment with shifting priorities
- Strong software engineering skills: Python (preferred), Go or Java; REST APIs; event‑driven systems
- Infrastructure as Code (Terraform, CloudFormation etc.) with policy‑as‑code enforcement
- Strong knowledge of CI/CD security automation (GitHub Actions, Azure DevOps, GitLab)
- Hands-on experience with Kubernetes security (admission control, PSS, network policy, signing, runtime security)
- GitHub Enterprise security configuration and automation
- Databricks security architecture and automation
- AI / LLM workload security and usage controls
- Vulnerability management automation and remediation pipelines
- Identity‑first security (IAM, workload identity, key & secret lifecycle)
- CCSP, CISSP, CKS
- Azure or GCP Security Specialty
- GIAC certifications relevant to cloud or automation security