Application Deadline: 07/12/2026 Address: 100 King Street West Job Family Group: Technology Job posting: We are building a modern, automation-first Security Operations capability focused on real-time detection and response to cyber threats where the majority of alerts are automatically enriched, triaged, or resolved with minimal analyst intervention. This role goes beyond traditional automation engineering. You will design and build autonomous workflows that combine detection logic, automation, and AI-assisted development into scalable, repeatable systems. Our team was tasked to reduce the investigation time and empower SOC analysts with qualitative and enriched alerts, giving them back the time they need to hunt real threats. Our current philisophy is to prioritize practical delivery over perfect initial solution—leveraging SOAR, Power-automate and GitHub Copilot to collaborate, experiment, and ship high-impact solutions quickly. What You’ll Do Build Autonomous Security Workflows Design, produce and manage end-to-end automation that enhance detection via enrichment, triage, response, containment or auto closure. Navigate across multiple security platforms (ServiceNow, Splunk ES, CrowdStrike) to improve signal to noise ratio and reduce mean time to respond and contain. AI-Driven Workflow Development Design LLM-generated & enriched workflows combined with deterministic logic for reliability across multiple stacks (Splunk SOAR playbooks, Python scripts, Power Automate) Build multi-step, agent-like flows that enrich alerts, validate data, and support automated triage decisions Apply detection-as-code principles such as version-controlled workflows, CI/CD pipelines, testing, validation, and peer review. Collaboratively build resilient and audit ready solutions Partner with detection engineers and SOC analysts to operationalize detections with automation workflows and improve triage speed and response consistency Use GitHub Copilot daily to accelerate development and prototyping Apply strong judgment on when to use LLM-based vs traditional code and how to ensure outputs are reliable, auditable, and repeatable Collaborate primarily through GitHub (repos, PRs, code reviews) as the single source of truth, as well as shared libraries, reusable workflow patterns, agent/workflow templates. Solve Complex Integration Problems Reverse-engineer APIs and integrations when documentation is limited Handle real-world challenges related to Authentication (OAuth, tokens), pagination, retries, rate limits, data normalization and enrichment Support building and maintaining an automation library and a stable automation platform. Design workflows resilient to API failures, partial data, third-party instability Must-Have Typically a post-secondary degree in Computer Science, Engineering, Information Systems, Information Security and between 2-4 years of relevant experience in either Security automation OR AI powered program development OR Detection engineering environments Proven ability to build and ship automation end-to-end Experience integrating systems via APIs (REST/JSON, auth patterns) Hands-on GitHub experience (PRs, branching, collaboration) Daily use (or strong experience) with GitHub Copilot or similar AI coding tools Ability to work in ambiguous, evolving environments and still deliver solutions Highly Valuable (What Sets You Apart) Experience designing AI-driven workflows or agent-style systems Understanding of Prompt design coupled with structured output as well as orchestration patterns (multi-step, validation loops, fallback, retry) Ability to combine AI capabilities with deterministic logic (Python, rules, validation layers) Strong intuition to distinguish when AI adds value vs when it adds risk or cost How You Work Builder mindset: you prototype, ship, and iterate quickly Pragmatic security engineer: you choose the simplest solution that works while considering risks Data driven: you seek continuous improvement based on metrics observation (success rate, failures pattern) Curious and experimental: you actively explore new tools and approaches Ownership-driven: you take initiative to unblock yourself, you self identify automation opportunities with high impact on detection coverage, analyst time to resolve and respond. Why This Role Build the next generation of security workflows Shape how AI is practically used in a SOC environment Work in a team that values: Speed with risk-aware execution Ownership Real impact via simplified processes Salary: $82,800.00 - $154,800.00 Pay Type: Salaried The above represents BMO Financial Group’s pay range and type. Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group’s expected target for the first year in this position. BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards About Us At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world. As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset. To find out more visit us at https://jobs.bmo.com/ca/en. BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter. Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes. BMO is a leading bank driven by a single purpose: to Boldly Grow the Good in business and life. Everywhere we do business, we’re focused on building, investing and transforming how we work to drive performance and continue growing the good. Who we are We’re proud to be fueling growth and expanding possibilities for individuals, families and businesses. More than 12 million customers count on us for personal and commercial banking, wealth management and investment services. As the 8th largest bank in North America by assets, we provide personal and commercial banking, wealth management and investment services to more than 12 million customers. In Canada, the United States and across the globe, we’ll continue to build, invest and transform to drive performance that serves the good that grows.