Info Security Engineer – Intermediate Level (Member Identity and Access Management)

USAA•Plano, TX

1d•Hybrid

About The Position

As a dedicated Security Engineer - Intermediate Level for Member Identity and Access Management, you will join a fast-paced team within the Member Protection Technology organization at USAA. As an engineer working within the Identity Proofing domain, you will implement high-impact solutions and collaborate with a strong team to deliver enhanced identity proofing solutions that will help improve our member validation/verification posture. This is your opportunity to be part of a mission-driven company while working in an agile, fast-paced environment. You will be expected to work with a modern tech stack – including Jave, APIs, OpenShift, and a wide range of test driven development tools. Within defined guidelines and frameworks, conducts software and systems engineering to develop new capabilities, ensuring Information Security is integrated across the association. Conducts comprehensive technology research to evaluate potential vulnerabilities in USAA systems. Identifies and manages existing and emerging risks that stem from business activities and ensures risks associated with business activities are effectively identified, measured, monitored, and controlled. Installs, configures, troubleshoots, and maintains hardware and software. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position will be based in our Plano, TX facility. Relocation assistance is not available for this position.

Requirements

Bachelor's degree; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.
2 years of related experience in Security Engineering and/or Information Technology with a security focus to include demonstrated experience leading company-wide technology projects or initiatives.
1 year of experience delivering technology solutions in all phases of a solution development lifecycle.
Working experience with modern programming/scripting languages and frameworks.
Developing experience implementing security engineering activities utilizing modern DevSecOps practices.
Developing experience with platform engineering concepts on security best practices in infrastructure/policy as code, security architecture design patterns, security vendor integrations, and CI/CD pipelines with built in application security controls.
Familiarity with cloud and emergent technologies such as: Public Cloud, Containerization, Security Data Lakes, ML/LLMs, GenAI, etc.

Nice To Haves

Java platform API experience: experience in Java and common frameworks such as Spring Boot, with demonstrated experience building enterprise-level applications and knowledge of site reliability principles.
Hands-on experience with Apache Kafka in production environments, including implementing event-driven capabilities and real-time data streaming solutions.
Understanding and hands-on experience with container orchestration technologies like OpenShift.
Build, Version Control, and CI/CD: Working experience with build frameworks like Gradle or Maven, version control systems (Git), and CI/CD frameworks, particularly GitLab CI.

Responsibilities

Responsible for ensuring that security requirements are adequately addressed in all aspects of a solution/application enablement and sustainment lifecycle.
Design, develop, code, integrate, and test complex cross functional technical solutions with a focus on security, often collaborating with Engineers or Architects within the team/department.
Developing comprehension of Site Reliability Engineering practices in their domain.
Monitors and troubleshoots systems, tools, and vendor integrations.
Supports continuous research, analysis, and troubleshooting to identify, resolve, and report on security issues.
Collaborates with Security Analysts, IT and Business Partners to tune, harden, and enhance Security solutions and technologies to keep up with the latest trends and threats.
Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures.