AI Security Automation Engineer

Join us as we work to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

Employer work visa sponsorship and support are not provided for this role. Applicants must be currently authorized to work in the United States at hire and must maintain authorization to work in the United States throughout their employment with our company
Join our Security Engineering team as an AI Security Automation Engineer focused on embedding security into the SDLC and improving DevSecOps efficiency through automation, analytics, and AI-assisted tooling. You will partner with engineering, platform, and product teams to reduce risk, streamline security operations, and improve the developer experience by designing and operating scalable security automations. This is a remote role in the U.S., hybrid-eligible depending on team needs, and reports to the Security Engineering Manager.

About the Team
The Security Engineering team builds automation, tooling, and processes to protect applications, services, and the software supply chain across athenahealth. We operationalize application security (SAST/DAST/SCA), secrets management, and CI/CD controls, leveraging modern developer tools, cloud platforms (AWS/Azure), CI/CD pipelines, code repositories, and observability systems to deliver secure, scalable solutions that improve developer productivity and reduce operational risk.

Essential Responsibilities

• Integrate security controls and automated testing into delivery pipelines and SDLC workflows in partnership with engineering, platform, and product teams.
• Design, implement, and maintain automation for SAST, DAST (web and API), SCA, and secrets scanning to accelerate detection and remediation.
• Build pipeline-integrated security controls and orchestration in CI/CD systems (including Harness and related build/deploy workflows).
• Create and maintain automated triage workflows and integrations (IDE and server-side) to prioritize findings and drive standardized remediation playbooks.
• Tune analysis pipelines and security rules to reduce false positives and operational noise.
• Automate identification of affected assets and dependency impact across inventory sources and dependency graphs to speed critical vulnerability response.
• Produce and maintain runbooks, playbooks, and documentation for recurring findings, remediation steps, and operational processes.
• Support the security exception process: documentation, approvals, and lifecycle tracking.
• Evaluate and integrate AI-assisted security tools into workflows; assess output quality, document limitations, and define safe usage and review practices.
• Develop unit tests, demos, and user-facing documentation to validate security automations and demonstrate value to engineering teams.

Additional Responsibilities

• Participate in incident response and post-incident analysis to expand detection and automation coverage.
• Prototype and evaluate new security tooling or integration approaches to improve operational efficiency.
• Contribute to internal training and knowledge sharing on security automation best practices.
• Collaborate with cloud/infrastructure teams to ensure controls operate effectively in cloud environments.
• Support security assessments and audits by producing necessary artifacts and evidence.

Expected Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
• Strong knowledge of web and application security fundamentals (OWASP Top 10 and related risk models).
• Hands-on experience with SAST, DAST, SCA, or secrets scanning tools in production environments.
• Experience integrating security tooling into CI/CD and modern development workflows (pull requests, pipeline integrations).
• Proficiency in at least one automation language (Python, JavaScript/TypeScript, or similar) and experience writing unit tests for automation code.
• Practical experience with cloud platforms (AWS or Azure) and cloud security fundamentals (IAM, networking, logging/monitoring).
• Experience building CI/CD-integrated controls and automation; familiarity with Harness is a plus.
• Strong collaboration and communication skills; proven ability to work cross-functionally with engineering and platform teams.
• Experience producing runbooks, demos, and user documentation for technical audiences.

Preferred

• Experience with software supply chain security practices and relevant tooling.
• Background in agent-based or IDE integrations that assist or automate remediation workflows.
• Familiarity with observability and monitoring systems used to validate security automations.

Work Mode & Reporting (optional)

• Remote - U.S. (hybrid-eligible depending on team needs).
• Reports to Security Engineering Manager.
• May require occasional off-hours participation for incidents or major releases.

Expected Compensation
$96,000 - $162,000
The base salary range shown reflects the full range for this role from minimum to maximum. At athenahealth, base pay depends on multiple factors, including job-related experience, relevant knowledge and skills, how your qualifications compare to others in similar roles, and geographical market rates. Base pay is only one part of our competitive Total Rewards package - depending on role eligibility, we offer both short and long-term incentives by way of an annual discretionary bonus plan, variable compensation plan, and equity plans.

About athenahealth

Our vision: In an industry that becomes more complex by the day, we stand for simplicity. We offer IT solutions and expert services that eliminate the daily hurdles preventing healthcare providers from focusing entirely on their patients - powered by our vision to create a thriving ecosystem that delivers accessible, high-quality, and sustainable healthcare for all.

Our company culture: Our talented employees - or athenistas, as we call ourselves - spark the innovation and passion needed to accomplish our vision. We are a diverse group of dreamers and do-ers with unique knowledge, expertise, backgrounds, and perspectives. We unite as mission-driven problem-solvers with a deep desire to achieve our vision and make our time here count. Our award-winning culture is built around shared values of inclusiveness, accountability, and support.

Our DEI commitment: Our vision of accessible, high-quality, and sustainable healthcare for all requires addressing the inequities that stand in the way. That's one reason we prioritize diversity, equity, and inclusion in every aspect of our business, from attracting and sustaining a diverse workforce to maintaining an inclusive environment for athenistas, our partners, customers and the communities where we work and serve.

What we can do for you:

Along with health and financial benefits, athenistas enjoy perks specific to each location, including commuter support, employee assistance programs, tuition assistance, employee resource groups, and collaborative workspaces - some offices even welcome dogs.

We also encourage a better work-life balance for athenistas with our flexibility. While we know in-office collaboration is critical to our vision, we recognize that not all work needs to be done within an office environment, full-time. With consistent communication and digital collaboration tools, athenahealth enables employees to find a balance that feels fulfilling and productive for each individual situation.

In addition to our traditional benefits and perks, we sponsor events throughout the year, including book clubs, external speakers, and hackathons. We provide athenistas with a company culture based on learning, the support of an engaged team, and an inclusive environment where all employees are valued.


Learn more about our culture and benefits here: athenahealth.com/careers