5+ years in infrastructure engineering, security operations, or IT operations in a regulated environment
2+ years experience with API-based integrations and automation frameworks
2+ years hands-on with enterprise vulnerability management tools like Crowdstrike or Tenable
Knowledge of vulnerability management lifecycles and remediation prioritization.
Responsibilities
Design event-driven automated workflows for vulnerability remediation
Integrate various tools into cohesive remediation pipelines
Create standardized remediation playbooks for asset classes
Track and validate remediation efforts across all asset classes
Produce audit-ready documentation and support compliance requirements
Optimize tooling integrations and evaluate emerging technologies
Define and report on key remediation metrics.
Benefits
Base Pay PLUS Bonuses
Medical, Dental and Vision Insurance
401k
Health Savings and Flexible Spending Accounts
Vacation/Sick Time
Paid Holidays
Paid Parental Leave
Tuition Reimbursement
Additional Benefits
Full Job Description
First Merchants Bank is seeking a Security Automation Engineer to join our team! This position will be responsible for designing, engineering, and governing automated vulnerability remediation execution across the enterprise. This role owns the end-to-end remediation system, including automation, orchestration, validation, and reporting. The role is accountable for transforming remediation from manual, ticket-driven processes into event-driven, automated execution pipelines capable of achieving multi-day remediation timelines for critical vulnerabilities. Working across Cyber, Endpoint, Systems, Network, Cloud, and Application teams, this role establishes standardized remediation playbooks and ensures vulnerabilities are remediated consistently, efficiently, and in alignment with regulatory and operational expectations.
As part of this role you will:
Remediation Automation & Orchestration
Design and implement event-driven automated workflows that leverage AI and scripting to drive remediation across endpoints, servers, networks, applications, and cloud platforms.
Integrate vulnerability scanning tools, ticketing systems, and change management platforms into cohesive, low-friction remediation pipelines.
Reduce manual handoffs and execution variance through automation-first remediation models.
Evaluate and integrate AI-assisted triage and prioritization capabilities to support compressed remediation timelines.
Eliminate manual ticket routing and approval dependencies for pre-approved remediation scenarios.
Enterprise Remediation Playbooks
Create and maintain standardized remediation playbooks by platform and asset class (endpoints, servers, network, cloud, applications).
Define patching, configuration hardening, mitigation, and exception handling paths for each asset class.
Build playbooks that enable autonomous execution without human intervention.
Ensure playbooks account for scenarios where patching cannot meet SLA windows, providing fallback mitigation workflows (containment, isolation, configuration controls) as valid operational alternative(s).
Execution Ownership & Validation
Own remediation tracking, validation scanning, re-scan scheduling, and formal closure across all asset classes.
Partner with execution teams to identify and resolve systemic blockers to remediation.
Partner with Cyber to maintain enterprise-wide visibility into remediation status and proactively escalate aging items.
Risk, Audit & Compliance Support
Produce audit-ready remediation evidence as part of automated workflows.
Ensure exception handling and risk acceptance processes are documented, approved, and time-bound.
Support regulatory and audit requirements (FFIEC, GLBA, PCI-DSS, SOX).
Tooling & Platform Integration
Administer and optimize integrations between vulnerability scanning platforms, ITSM systems, and automation tooling.
Evaluate emerging tools and capabilities to improve remediation velocity, coverage, and automation breadth.
Serve as a subject-matter expert on remediation tooling for IT Operations and Cyber/Information Security teams.
Continuous Improvement & Metrics
Define, track, and report on key remediation KPIs: Mean Time to Remediate (MTTR), SLA compliance rate, backlog aging, and automation coverage.
Identify recurring remediation failures and engineer durable solutions that reduce or eliminate manual intervention.
Present remediation program metrics and maturity updates to IT Operations and Information Security leadership on a regular cadence.
To be successful in this position, we require the following:
High School Diploma or equivalent (GED).
At least five (5) years of experience in infrastructure engineering, security operations, or IT operations within a regulated enterprise environment.
At least two (2) years of experience with API-based integrations, SOAR platforms, automation frameworks, and building and operating automation or orchestration workflows in an enterprise context.
At least two (2) years of hands-on experience with enterprise vulnerability management and scanning platforms (Crowdstrike VM, Tenable.io/Nessus, Qualys, or Rapid7 InsightVM).
The following would be a plus:
Bachelor's degree in computer science, security, or a related field.
Industry certifications: CISSP, CompTIA Security+, CEH, GIAC GPEN, or equivalent.
Experience evaluating or operating AI-assisted security tooling and an ability to govern AI use in a compliance-sensitive context.
Previous experience in banking, financial services, or another heavily regulated industry.
Experience with ITSM and ticketing platforms
Proficiency in scripting and automation (Python, PowerShell, Ansible, or equivalent).
Strong working knowledge of vulnerability management lifecycles, CVSS scoring, and remediation prioritization strategies.
Proven ability to influence and coordinate cross-functional teams without direct management authority.
Excellent written and verbal communication skills.
