Engineer II, Cybersecurity Risk

Position Summary

The Cybersecurity Automation & Governance Engineer is a hands-on, engineering-focused role responsible for designing, building, and optimizing automation solutions that support cybersecurity governance and Third-Party Risk Management (TPRM) programs.

This position emphasizes engineering over operations, with a primary focus on creating scalable, automated workflows, integrating systems, and transforming manual cybersecurity processes into efficient, repeatable, and data-driven solutions.

The ideal candidate combines strong software/automation engineering capabilities with working knowledge of cybersecurity frameworks such as HITRUST, SOC 2 Type II, and CIS.

Key Responsibilities

Automation & Systems Engineering

• Design, develop, and maintain automated workflows and integrations supporting TPRM, risk management, and governance processes
• Build and maintain integrations across platforms (e.g., Azure DevOps, ServiceNow, Prevalent) using APIs, webhooks, and data pipelines
• Develop scripts and automation tools (Python, PowerShell, or equivalent) to: 
• Ingest, transform, and normalize data from multiple sources
• Eliminate manual processes and improve data integrity
• Implement solutions using Microsoft Power Platform (Power Automate, Logic Apps) and/or custom engineering approaches
• Contribute to or build CI/CD pipelines supporting automation tools and system integrations

Cybersecurity Governance & TPRM Enablement

• Translate compliance frameworks (HITRUST, SOC 2 Type II, CIS) into automated, trackable processes
• Engineer systems to support: 
  • Vendor risk intake and assessment lifecycle
  • Risk remediation tracking
  • Control validation and audit evidence collection
• Partner with Cybersecurity, GRC, Legal, and Compliance teams to operationalize policy requirements into technical solutions

Azure DevOps & Workflow Optimization

• Configure and optimize Azure DevOps (ADO) boards for cybersecurity and TPRM tracking
• Automate work item creation, status updates, and reporting
• Support synchronization of data between ADO and external systems
• Improve workflow efficiency and reduce process friction through automation

Data Engineering & Reporting

• Build and maintain data pipelines to consolidate information from multiple systems into a unified data model
• Support development of dashboards (e.g., Power BI) to provide: 
  • Real-time risk visibility
  • Program performance metrics
  • Executive reporting
• Ensure data accuracy, consistency, and governance across systems

Cross-Functional Collaboration

• Serve as a technical partner to Cybersecurity, IT, Engineering, and Vendor Management teams
• Translate business and compliance requirements into technical design and implementation
• Promote an automation-first mindset across the cybersecurity organization

Required Qualifications

Education & Experience

• 3–6 years of experience in software engineering, automation engineering, DevOps, or related technical roles
• Bachelor's degree in Computer Science, Engineering, or equivalent practical experience (preferred but not required)

Technical Skills

• Strong experience with one or more programming/scripting languages: 
  • Python, PowerShell, JavaScript, or equivalent
• Hands-on experience with: 
  • REST APIs, JSON, and data transformation
  • Workflow automation tools (Power Automate, Logic Apps, or similar)
  • Azure DevOps (ADO) or similar work tracking systems
• Experience with CI/CD pipelines and DevOps practices
• Experience working with data ingestion, transformation, or ETL processes

Cybersecurity & Governance Knowledge (Working Familiarity)

• Basic familiarity with: 
  • HITRUST
  • SOC 2 Type II
  • CIS or NIST frameworks
• Understanding of: 
  • Risk management concepts
  • Third-party/vendor risk lifecycle
  • Security controls and audit requirements
• Deep cybersecurity specialization is not required; ability to operationalize and automate governance processes is essential.

Preferred Qualifications

• Experience integrating cybersecurity or GRC platforms (e.g., Prevalent, ServiceNow, Archer)
• Experience with Power BI or other data visualization tools
• Familiarity with Infrastructure-as-Code (Terraform, ARM, Bicep)
• Experience in healthcare or regulated environments (HIPAA familiarity preferred)

Key Competencies

• Strong problem-solving and systems-thinking mindset
• Ability to design and build scalable, maintainable solutions
• Comfort working in ambiguous, evolving environments
• Strong communication skills with technical and non-technical stakeholders
• Demonstrated ability to automate and optimize complex processes
• This position pays between $84,000-126,000 based on experience
• This is a remote position; however, candidates must be willing and able to travel to and work onsite at client, temporary, or corporate office locations as business needs require.

This posting addresses state specific requirements to provide pay transparency.  Compensation decisions consider many job-related factors, including but not limited to geographic location; knowledge; skills; relevant experience; education; licensure; internal equity; time in position.  A candidate entry rate of pay does not typically fall at the minimum or maximum of the role’s range.