Security Automation Engineer

Insight Global is looking for a Security Automation Engineer to join a large banking client on a 6 month contract hybrid 1 day/week in Toronto. The successful candidate will join the automation engineering team to design and ship automation while integration automation processes with new products. The successful candidate should have experience with build/integrating automation with core platforms, engineering/reverse-engineering, and system design of automation platforms in agile environments.

Note: We may use artificial intelligence tools to assist with the screening, assessment, or selection of potential applicants for this position.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

- 5-7 years experience working in automation engineering for medium-large sized organizations
- Strong automation experience with Splunk SOAR (Phantom), Python, and Power Automate (or similar workflow tools).
- Strong experience integrating API/ third‑party systems (REST/JSON, OAuth/JWT), including ServiceNow (SNOW); able to reverse‑engineer integrations without official SDKs.
- Ability to write and optimize SPL, lucene or KQL and familiarity with CIM, correlation searches, and creating automation‑ready outputs.
- Experience using Falcon telemetry and querying in LogScale to enrich investigations and drive automated decisions.
- Hands‑on experience with GitHub Actions or Azure DevOps (ADO); Git branching strategies, PR reviews, test automation - any automation tool.
- Experience designing and operating secure secret/credential patterns in automation. - CyberArk PAM or equivalent
- Ability to instrument automations for reliability—success rates, latency, error taxonomies, run health—and use those signals to improve.
- Experience treating detections/playbooks as code with pipelines, linting, tests, and approvals. Within Splunk SOAR
- Previous experience working in an agile environment, attending sprint ceremonies, backlog hygiene, and solid documentation in Confluence/SharePoint/OneDrive.
- Experience with VS Code; experience with GitHub Copilot for accelerated, high‑quality development.
- Familiarity and the ability to align playbooks and automations to ATT&CK techniques/sub‑techniques.
-Strong communication skills and Demonstrated ability to prototype, evaluate options, and land creative solutions.

- Prior experience in SOC, Incident Response (IR), or Red Team
- Experience with security tools (EDR, email, IAM, network security) and ticketing/case management patterns.
- Experience establishing automation KPIs (coverage, time‑to‑complete, failure classes) and aligning them to MTTR and analyst throughput.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.