Senior Cloud Automation Security Engineer -

Work Location Type: Hybrid  

Req Number  324892

About Grainger:

W.W. Grainger, Inc., is a leading broad line distributor with operations primarily in North America, Japan and the United Kingdom. At Grainger, We Keep the World Working® by serving more than 4.5 million customers worldwide with products and solutions delivered through innovative technology and deep customer relationships. Known for its commitment to service and award-winning culture, the Company had 2024 revenue of $17.2 billion across its two business models. In the High-Touch Solutions segment, Grainger offers approximately 2 million maintenance, repair and operating (MRO) products and services, including technical support and inventory management. In the Endless Assortment segment, Zoro.com offers customers access to more than 14 million products, and MonotaRO.com offers more than 24 million products. For more information, visit www.grainger.com.  

Compensation:

The anticipated base pay compensation range for this position is $110,500.00  to $184,100.00.

Rewards and Benefits:

With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:

• Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
• 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
• 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
• Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
• Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

For additional information and details regarding Grainger’s benefits, please click on the link below:

https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire

The pay range provided above is not a guarantee of compensation.  The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.   

The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above. 

Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.

Position Details:

Grainger is seeking a Security Engineer (InfoSec) III – Cloud and Automation with proven experience in script development and DevOps best practices. This mid-level engineering role is responsible for designing and implementing custom scripts and automation to streamline InfoSec administrative tasks, complex remediations, and enhance monitoring and visibility. The ideal candidate will be well-versed in security engineering concepts, thrive in a cross-functional engineering environment, possess deep AWS cloud security skills, and proactively identify and mitigate security risks. A commitment to continuous improvement and innovation in security automation is essential.

As a Security Engineer (InfoSec) III – Cloud and Automation you will protect Grainger assets by implementing and maintaining advanced scripts and automation. You will collaborate closely with other Information Security functional teams and other stakeholders to make smart long-term decisions.

You will report to the Senior Manager of Information Security Engineering.

You will:

• Requirement Analysis: Translate security objectives into automation requirements, solution designs, and measurable success criteria.
• Translate AWS-specific security objectives (e.g., detection of misconfigurations, policy violations, and suspicious activity) into automation requirements and custom detection logic using AWS native services (Wiz Cloud, Config, Security Hub, GuardDuty, Macie, Inspector).
• Script Development (Python & PowerShell): Build reliable automations for InfoSec tasks, remediations, health checks, and policy changes, following secure coding practices and peer reviews.
• Orchestration with AAP & AWS Lambda: Design and maintain Ansible Automation Platform (inventories, playbooks, workflows, RBAC, job templates) and build/operate AWS Lambda automations (packaging/layers, IAM roles, EventBridge/SQS/API Gateway triggers, rollbacks).
• DevOps for Automation: Use Git and CI/CD to lint, test, and package AAP content, Python modules, Terraform, and Lambda code; enforce code quality gates and artifact management.
• Integration Engineering & Web Services: Connect automations to Splunk and Google SecOps, and integrate with external web services (REST/webhooks) as data sources/targets using secure authentication (OAuth/OIDC), idempotency, and robust error handling/backoff.
• AI‑Assisted Engineering & Automation: Apply enterprise‑approved AI to accelerate development (code scaffolding, unit tests, static review) and enhance automations (enrichment, deduplication, summarization, correlation).
• Detection & Response Automation: Orchestrate enrichment, triage, and containment from Google SecOps to reduce MTTR; maintain clear runbooks with approvals where needed.
• Infrastructure & Policy as Code: Use Terraform to codify security controls and automation infrastructure across AWS and on‑prem (IAM, networking, SQS/EventBridge, API Gateway, Lambda), applying least privilege and secrets management.
• Cloud Investigations & Queries (AWS): Develop custom queries and investigations using CloudWatch Logs Insights, CloudTrail, VPC Flow/ALB logs to support detections, forensics, and reporting.
• Monitoring, SRE & Observability: Instrument automations with logs/metrics/traces; build Datadog monitors/dashboards and Zenos health models/alerts; integrate with CloudWatch, Splunk, AWS QuickSight, and Power BI to track SLOs/SLAs, error budgets, and detect failures.
• Compliance & Auditability: Produce auditable evidence (AAP logs, Lambda/CloudWatch logs, approvals, artifact hashes) to support regulatory and internal controls.
• Troubleshooting & Support: Resolve pipeline, serverless/runtime, and integration issues quickly; implement durable fixes with minimal operational disruption.
• Collaboration & Enablement: Partner with Security, Infrastructure, and Product Engineering teams to prioritize and deliver roadmap outcomes; document code/APIs/runbooks and publish reusable modules/templates.

You have:

• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or equivalent experience.
• 5+ years in IT/InfoSec with a focus on automation and integrations.
• 3+ years scripting in Python and PowerShell for security automation.
• Deep experience with AWS Security Hub, GuardDuty, and Wiz Cloud Security.
• Hands-on experience with Ansible Automation Platform, AWS Lambda, and Terraform.
• Skilled in integrating monitoring and security platforms (Splunk, Google SecOps, Datadog).
• Experience translating architectural designs into functional and secure operational deployments.
• Familiarity with AI-assisted development and secure coding practices.
• Strong observability skills using Datadog, Zenos, CloudWatch, QuickSight, and Power BI.
• Knowledge of AWS telemetry (CloudTrail, VPC Flow Logs) for investigations.
• Comfortable with Agile, Git workflows, CI/CD pipelines, and code reviews.
• Preferred certifications: AWS Security, Terraform Associate, Splunk, GIAC, CISSP

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.

We are committed to fostering an inclusive, accessible work environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one’s employment, should you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.