Senior Security Engineer

Senior Security Engineer

Requirements

• Minimum of 5 years of combined experience in Security Engineering, GRC, or related roles in an enterprise or cloud-native environment.
• Bachelor’s degree in Computer Science, Information Security, or related field (or 7+ years of relevant experience in lieu of degree).
• Strong foundation in one or more programming/scripting languages (e.g., Python) for automation and tooling.
• Hands-on experience implementing and managing security controls (SIEM, SOAR, EDR, IDS/IPS, IAM).
• Demonstrated ability to evaluate and secure cloud infrastructure using IaC tools (e.g., Terraform, CloudFormation).
• Proficiency in threat detection, incident response, and investigation methodologies (familiarity with MITRE ATT&CK).
• Working knowledge of key security standards and regulations (e.g., NIST CSF, ISO 27001, HIPAA, PCI-DSS, GDPR).
• Experience executing audits, risk assessments, and managing compliance programs; familiarity with GRC platforms preferred.
• Ability to develop meaningful security metrics and translate technical details into business-impact language.

Responsibilities

• Architect and deploy tools and processes that strengthen our infrastructure and corporate security posture in cloud-native (AWS), containerized (Kubernetes/Docker), and on-prem environments.
• Engineer and maintain controls across multiple security domains (e.g., Endpoint Detection and Response, Cloud Detection and Response, CI/CD, SIEM, IAM, PKI, etc.).
• Develop and refine security detection rules, playbooks, and workflows to respond to threats in real time.
• Build integrations and automated pipelines leveraging DevOps/SecOps tools (e.g., Python scripting, APIs, webhooks) to accelerate investigation and remediation.
• Triage and investigate security alerts and incidents, leading cross-functional coordination when required.
• Drive the continuous improvement of incident response processes and technologies used for detection and containment.
• Lead risk management efforts by conducting risk assessments, third-party vendor reviews, and compliance checks against frameworks (e.g., ISO, NIST, PCI, HIPAA).
• Develop and maintain security metrics (KRI/KPI/OKR) to communicate program effectiveness and inform strategic decisions.
• Contribute to audits, assessments, and certification processes; maintain and optimize GRC tooling to manage evidence gathering and continuous monitoring.
• Draft and evolve security policies, standards, and documentation in alignment with regulatory requirements and industry best practices.
• Partner with Product, Engineering, Legal, and other business teams to embed security requirements into new and existing features.
• Provide threat modeling and security architecture guidance to software development teams to ensure secure design from the ground up.
• Participate in proactive threat hunting and vulnerability management programs to reduce risk exposure.
• Remain current on industry trends, emerging threats, and new security technologies.
• Act as an internal champion for security awareness, training, and best practices across the organization.

Preferred Qualifications

• Familiarity with GRC platforms preferred.