Role Description First Merchants Bank is seeking a Security Automation Engineer to join our team! This position will be responsible for designing, engineering, and governing automated vulnerability remediation execution across the enterprise. This role owns the end-to-end remediation system, including automation, orchestration, validation, and reporting. The role is accountable for transforming remediation from manual, ticket-driven processes into event-driven, automated execution pipelines capable of achieving multi-day remediation timelines for critical vulnerabilities. Working across Cyber, Endpoint, Systems, Network, Cloud, and Application teams, this role establishes standardized remediation playbooks and ensures vulnerabilities are remediated consistently, efficiently, and in alignment with regulatory and operational expectations. - Remediation Automation & Orchestration - Design and implement event-driven automated workflows that leverage AI and scripting to drive remediation across endpoints, servers, networks, applications, and cloud platforms. - Integrate vulnerability scanning tools, ticketing systems, and change management platforms into cohesive, low-friction remediation pipelines. - Reduce manual handoffs and execution variance through automation-first remediation models. - Evaluate and integrate AI-assisted triage and prioritization capabilities to support compressed remediation timelines. - Eliminate manual ticket routing and approval dependencies for pre-approved remediation scenarios. - Enterprise Remediation Playbooks - Create and maintain standardized remediation playbooks by platform and asset class (endpoints, servers, network, cloud, applications). - Define patching, configuration hardening, mitigation, and exception handling paths for each asset class. - Build playbooks that enable autonomous execution without human intervention. - Ensure playbooks account for scenarios where patching cannot meet SLA windows, providing fallback mitigation workflows (containment, isolation, configuration controls) as valid operational alternative(s). - Execution Ownership & Validation - Own remediation tracking, validation scanning, re-scan scheduling, and formal closure across all asset classes. - Partner with execution teams to identify and resolve systemic blockers to remediation. - Partner with Cyber to maintain enterprise-wide visibility into remediation status and proactively escalate aging items. - Risk, Audit & Compliance Support - Produce audit-ready remediation evidence as part of automated workflows. - Ensure exception handling and risk acceptance processes are documented, approved, and time-bound. - Support regulatory and audit requirements (FFIEC, GLBA, PCI-DSS, SOX). - Tooling & Platform Integration - Administer and optimize integrations between vulnerability scanning platforms, ITSM systems, and automation tooling. - Evaluate emerging tools and capabilities to improve remediation velocity, coverage, and automation breadth. - Serve as a subject-matter expert on remediation tooling for IT Operations and Cyber/Information Security teams. - Continuous Improvement & Metrics - Define, track, and report on key remediation KPIs: Mean Time to Remediate (MTTR), SLA compliance rate, backlog aging, and automation coverage. - Identify recurring remediation failures and engineer durable solutions that reduce or eliminate manual intervention. - Present remediation program metrics and maturity updates to IT Operations and Information Security leadership on a regular cadence. Qualifications - High School Diploma or equivalent (GED). - At least five (5) years of experience in infrastructure engineering, security operations, or IT operations within a regulated enterprise environment. - At least two (2) years of experience with API-based integrations, SOAR platforms, automation frameworks, and building and operating automation or orchestration workflows in an enterprise context. - At least two (2) years of hands-on experience with enterprise vulnerability management and scanning platforms (Crowdstrike VM, Tenable.io/Nessus, Qualys, or Rapid7 InsightVM). Requirements - Bachelor’s degree in computer science, security, or a related field (preferred). - Industry certifications: CISSP, CompTIA Security+, CEH, GIAC GPEN, or equivalent (preferred). - Experience evaluating or operating AI-assisted security tooling and an ability to govern AI use in a compliance-sensitive context (preferred). - Previous experience in banking, financial services, or another heavily regulated industry (preferred). - Experience with ITSM and ticketing platforms (preferred). - Proficiency in scripting and automation (Python, PowerShell, Ansible, or equivalent) (preferred). - Strong working knowledge of vulnerability management lifecycles, CVSS scoring, and remediation prioritization strategies (preferred). - Proven ability to influence and coordinate cross-functional teams without direct management authority (preferred). - Excellent written and verbal communication skills (preferred). Benefits - Base Pay - PLUS Bonuses - Medical, Dental and Vision Insurance - 401k - Health Savings and Flexible Spending Accounts - Vacation/Sick Time - Paid Holidays - Paid Parental Leave - Tuition Reimbursement - Additional Benefits Company Description First Merchants is guided by a genuine philosophy of being a meaningful place to work and having a prosperous impact across all walks of life throughout the communities we serve, including consumers, businesses and other organizations. Our Vision, Mission and Team statement reflect and reinforce that authentic service philosophy. - Our Vision: To enhance the financial wellness of the diverse communities we serve. - Our Mission: To be the most responsive, knowledgeable, and high-performing financial organization for our clients, teammates, and shareholders. - Our Team: "We are a collection of dynamic colleagues with diverse experiences and perspectives who share a passion for positively impacting lives. We are genuinely committed to attracting and engaging teammates of diverse backgrounds. We believe in the power of inclusion and belonging." Apply today to begin your career with us!

Role Description Cybersecurity Incident Response Team (CIRT) Engineers at Lumen are on the front lines of protecting the systems that power global connectivity. In this role, you’ll respond to and mitigate cybersecurity threats while proactively identifying risks and strengthening our defenses. At Lumen, this work goes beyond incident response; it’s an opportunity to solve complex problems, influence how we defend at scale, and help shape the future of our security capabilities. You’ll collaborate with internal teams and partners to drive innovation, improve detection, and anticipate emerging threats in a fast-paced, high-accountability environment. If you’re motivated by challenging work, continuous learning, and the chance to make a real impact, this role offers the flexibility, trust, and support to help you grow while contributing to meaningful outcomes across our infrastructure and services. Location This is a remote position open to candidates based anywhere in the U.S. Main Responsibilities - Shift hours are from 10:00am to 7:00pm Pacific Time. Analyst can be located in any US state. - Respond to, remediate, and document information security incidents not limited to dashboard (Advanced Threat Appliance & SIEM) alerts, tickets, emails, or phone calls. - Actively hunt the enterprise for insecure, suspicious, or malicious activity. - Review data that is processed within the SIEM to find incident evidence and suspicious events as well as out of scope events. - Verify and validate security notifications from both internal and external sources. - Identify and resolve incidents that are not defined by (or deviate from) an existing incident response guide. - Assist with significant incidents as needed or assigned, including outside of normal business hours. - Provide feedback for development and consistency of automated threat detection mechanisms. - Update and maintain response guides for accuracy. - Support Security projects to improve Cyber Defense Team or Lumen's security posture. - Demonstrate effective communication skills, both verbal and written. Qualifications - Bachelor’s in Computer Science, Engineering, or related field (or equivalent experience). - Strong understanding of security fundamentals: host/network hardening, networking protocols, intrusion techniques, and risk management. - Analytical/problem-solving skills across networking, operating systems, and malware analysis. - Relevant certifications (or willingness to obtain): Security+, CEH, OSCP, GCIH, CISSP, GPEN, GWAPT, GISEC, CISM, or CISA. - U.S.-based and able to obtain government suitability. - Strong communication skills; able to present technical concepts to both technical and non-technical audiences. - Experience with cloud security (AWS, Azure, GCP). - Broad knowledge of current and emerging technologies. Preferred Qualifications - 4+ years in incident response, forensics, risk assessments, application or network security. - Experience in network/firewall engineering, design, and implementation. - Familiarity with security tools (SIEM, IDS/IPS, endpoint protection). - Experience monitoring threats and performing initial triage. - Microsoft or UNIX/Linux administration. - Experience implementing controls to reduce risk and data exposure. - Scripting experience (Python or Perl). - Experience in large enterprise or carrier-scale environments. Compensation This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. - $84,629 - $112,838 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, WY. - $88,860 - $118,480 in these states: CO, HI, MI, MN, NC, NH, NV, OR, RI. - $93,092 - $124,122 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, WA. Benefits - Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing.

• Design, execute, and lead end-to-end penetration tests across a wide range of environments • Conduct penetration testing across software-as-a-service and platform-as-a service environments • Perform AI and machine learning application security assessments • Simulate real-world adversarial attack scenarios • Conduct vulnerability assessments, threat modeling, and risk analysis • Develop and maintain custom exploits, scripts, and tooling • Perform social engineering, phishing simulations, and physical security assessments • Architect and build a comprehensive, scalable penetration testing program • Define penetration testing standards, methodologies, playbooks, and reporting templates • Establish key performance indicators and metrics for the program • Serve as the primary point of contact for all internal and external penetration testing engagements • Collaborate with Engineering, DevSecOps, IT, Risk, and Compliance teams • Manage relationships with third-party vendors • Present findings, risks, and remediation strategies to executive leadership

• Lead penetration testing engagements across web applications, APIs, and enterprise infrastructure • Perform advanced application security testing including business logic flaws and authentication weaknesses • Conduct internal and external network penetration testing • Lead Red Teaming engagements. • Perform threat modeling exercises (e.g., PASTA methodology) • Conduct cloud security assessments across AWS, Azure, and GCP • Perform mobile application security testing (Android and iOS) • Develop custom payloads and exploitation techniques • Produce detailed technical reports including proof-of-concept exploitation scenarios • Communicate technical findings and risk to client stakeholders • Mentor junior consultants during engagements • Contribute to internal research initiatives and security methodology improvements