Security Controls Automation Engineer - PIPELINE

lecting profiles for upcoming opportunities.

As an Information Security Controls Automation Specialist, you will be part of a team. This team evaluates and tests the effectiveness of security controls, both on-premises and in the cloud. The goal is to ensure they are robustly designed and implemented to safeguard Experian's assets. You will automate the review of security controls by reducing manual effort and increasing assessment efficiency.

You will blend cybersecurity governance, risk and compliance (GRC) and automation engineering to refine evidence collection and control validation crucial for supporting the security organization's control assurance program. You will collaborate with control owners, engineers, and the security control assurance team to identify automation opportunities. You will implement scripts or integrations for both on-prem and cloud environment tools, and validate outputs against the security controls and defined test steps.

Reporting to the Information Security Control Assurance Senior Manager.

Summary of Primary Responsibilities

• Analyze and automate existing manual test steps for assessing operating effectiveness of security controls in both cloud and on-prem environments

• Develop automated control mechanisms (e.g. scripts, APIs, compliance dashboards), integrating validation logic into CI/CD pipelines, cloud environments, and endpoint tools.

• Ensure control monitoring (CCM) by developing reusable logic and ensuring automated controls produce evidence fit to support control assessments.

• Develop dashboards visualizing compliance status and resolve platform integration errors.

• Analyze false positives and lead remediation of those indicators.

• Maintain a control automation backlog and document all automated control logic, control mappings and system configurations.

Qualifications

• 5+ years of experience in automation development.

• A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.

• Knowledge of security tooling (e.g. SIEM, Identity and Access Management platforms, DLP), cloud platforms (AWS, GCP, Azure), Infrastructure as Code (Terraform) and scripting languages (e.g. Python). Experience with workflow platform such as tines.io is beneficial.

• Knowledge of cloud architecture and cybersecurity domains and principles.

• Professional certification such as AWS Solutions Architect, CCSP, CISSP, CRISC, ISO 27001 Lead Auditor, or equivalent.

• Experience with information security control testing methodologies, information security risk assessments, and auditing tools is beneficial.

• Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, and MS Defender is beneficial.

• Hands-on experience with API integrations and scripting (e.g. Python, PowerShell, JavaScript).

• Experience with IT Service Management, DevOps, Identity and access management, ERP systems (e.g., SAP, Oracle) and GRC tools are beneficial.

• Experience using automation, data-driven testing techniques and generative AI to gain efficiency in control assurance.

Additional Information

This is a permanent home-based role in Costa Rica. No relocation available.

Our benefits include: Medical, life, vision and dental insurance, Asociacion Solidarista, International Share Save Plan, Flex Work/Work from home, Paid time off, Birthday day off, Annual Performance Bonus, Education Reimbursement, Family Bonding, Bereavement Leave, Referral Program, and more.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

#LI-Remote

This is a remote position.