
Job Overview
Location
Massachusetts, USA
Job Type
Full-time
Category
Security Engineer
Date Posted
March 3, 2026
Full Job Description
📋 Description
- Join athenahealth as an Associate AI Security Automation Engineer and play a pivotal role in shaping the future of secure healthcare technology. This is an exciting opportunity to integrate cutting-edge AI-driven analytics and automation into our DevSecOps practices, enhancing efficiency and reducing risk across the software development lifecycle.
- You will collaborate closely with cross-functional teams, including engineering, platform, and product, to embed robust security measures into daily delivery workflows and the Software Development Lifecycle (SDLC). Your contributions will directly impact the security posture of our healthcare IT solutions, ensuring the accessibility, quality, and sustainability of healthcare for all.
- A key responsibility will be supporting and strengthening our application security programs. This includes hands-on involvement with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) for both web and API applications, Software Composition Analysis (SCA), and secrets scanning, identifying and mitigating vulnerabilities before they can be exploited.
- You will be instrumental in fortifying our software supply chain security. This involves integrating critical security controls directly into our Harness unified pipeline and related Continuous Integration/Continuous Deployment (CI/CD) workflows, creating a more resilient and secure development environment.
- A significant focus of this role will be the development and implementation of AI-powered workflows. You will build innovative solutions, including agentic IDE and MCP server integrations, designed to automate the triage of security findings, prioritize risks effectively, and enable automated remediation through standardized playbooks.
- To combat alert fatigue and operational noise, you will leverage AI-assisted analysis to meticulously tune and maintain SAST queries and rules. This proactive approach will significantly reduce false positives, allowing security teams to focus on genuine threats.
- In the event of zero-day vulnerabilities, you will be a critical part of the response team. Your role will involve accelerating assessment and scanning processes and automating the identification of affected assets, such as vulnerable libraries or malicious packages, by utilizing our inventory sources.
- You will be responsible for creating and maintaining comprehensive documentation, including runbooks, playbooks, and detailed guides for recurring findings, remediation steps, and operational processes. This ensures consistency and efficiency in our security operations.
- Furthermore, you will support the security exemption and exception process, meticulously managing documentation, approvals, and tracking for expiry and renewal, ensuring compliance and risk management.
- This role offers a unique opportunity to work with modern cloud environments, specifically AWS/Azure, and apply security fundamentals like Identity and Access Management (IAM), networking, and logging/monitoring to secure cloud-based applications.
- You will gain hands-on experience with agentic AI systems, integrating them into engineering and security workflows to enhance automation and remediation capabilities, contributing to a more proactive and intelligent security strategy.
- The ideal candidate will thrive in a high-performing, collaborative environment, working seamlessly with development and partner teams across the organization to achieve shared security objectives.
- By joining athenahealth, you become part of a mission-driven organization dedicated to simplifying healthcare and improving patient outcomes. You will contribute to a culture that values innovation, accountability, and inclusivity, making a tangible difference in the lives of millions.
Skills & Technologies
About athenahealth, Inc.
athenahealth, Inc. provides cloud-based software and services for medical groups and health systems, delivering electronic health records, revenue cycle management, patient engagement, and care coordination tools. Founded in 1997 and headquartered in Watertown, Massachusetts, the company supports ambulatory practices with integrated solutions that streamline administrative workflows, improve clinical documentation, and facilitate interoperability across healthcare networks. Its technology platform combines data analytics, mobile access, and real-time insights to help providers enhance quality of care, optimize financial performance, and meet regulatory requirements.



