Information Security Engineer - Mid Level

USAA•Plano, TX

1d•Hybrid

About The Position

As a dedicated Security Engineer, you will join a fast-paced team within the Member Protection Technology organization at USAA. As an engineer working on Identity and Access Management technical services, you will design and implement high-impact solutions and collaborate with a strong team to deliver scalable, high-quality software. This is your opportunity to be part of a mission-driven company while working in an agile, fast-paced environment that values innovation and bold thinking. You’ll work with a modern tech stack—including Java, APIs, event-driven systems, OpenShift, and a wide range of USAA and industry technologies—to help keep USAA at the forefront of security technology. Conducts software and systems engineering to develop new capabilities, ensuring Information Security is integrated across the association. Conducts comprehensive technology research to evaluate potential vulnerabilities in USAA systems. Identifies and manages existing and emerging risks that stem from business activities and ensures risks associated with business activities are effectively identified, measured, monitored, and controlled. Installs, configures, troubleshoots, and maintains hardware and software. We offer a flexible work environment that requires an individual to be in the office 4 days per week. This position will be based in our Plano, TX facility. Relocation assistance is not available for this position.

Requirements

Bachelor's degree; OR 4 years of related experience (in addition to the minimum years of experience required) may be substituted in lieu of degree.
4 years of related experience in Security Engineering and/or Information Technology with a security focus to include experience leading driving company-wide technology projects or initiatives.
2 years of experience delivering technology solutions in all phases of a solution development lifecycle.
Working experience with modern programming/scripting languages and frameworks.
Experience implementing security engineering activities utilizing modern DevSecOps practices.
Demonstrated ability to support complex production issues by troubleshooting applications and systems.
Experience working with platform engineering concepts on security best practices in infrastructure/policy as code, security architecture design patterns, security vendor integrations, and CI/CD pipelines with built in application security controls.
Experience implementing event driven security architecture, methods, and controls.
Experience with implementing security architecture, methods, and controls required to meet security, compliance, and audit requirements.
Familiarity with cloud and emergent technologies such as: Public Cloud, Containerization, Security Data Lakes, ML/LLMs, GenAI, etc.

Nice To Haves

Java platform API expertise: Extensive experience in Java platform API development, including building enterprise-level applications, with a strong focus on performance and site reliability engineering.
Access Management technology: Extensive experience with solutions such as ForgeRock Access Management or Ping Identity to securely orchestrate customer business workflows and access to APIs.
API Design and Containerization: Proven ability to design, develop, and implement robust APIs using Spring Boot and Docker, ensuring container-based applications are scalable and secure.
Kafka and Data Streaming: Proven experience with Apache Kafka, including designing and implementing event-driven architectures and real-time data streaming solutions.
Cloud Infrastructure Proficiency: Deep knowledge and hands-on experience with container orchestration technologies like OpenShift and even better if you have worked with cloud platforms such as AWS.
Test-Driven Development (TDD): A strong background in Test-Driven Development and experience with automated testing frameworks to ensure code quality and reliability.
Build, Version Control, and CI/CD: Working experience with build frameworks like Gradle or Maven, version control systems (Git), and CI/CD frameworks, particularly GitLab CI.

Responsibilities

Responsible for ensuring that security requirements are adequately addressed in all aspects of a solution/application enablement and sustainment lifecycle.
Design, develop, code, integrate, and test complex cross functional technical solutions with a focus on security, often collaborating with Engineers or Architects within the team/department.
Supports code/design reviews and engineering efficiencies to ensure effective operations and accurate planning.
Supports the resolution of production issues and troubleshooting of end-to-end solutions that span multiple applications and systems.
Works with architecture to help define directions for cross functional or highly complex key technologies within a specific security domain.
Drives community impact through active participation in internal training outlets.
Leverages Site Reliability Engineering practices in their domain.
Monitors and troubleshoots highly complex systems, tools, and vendor integrations.
Supports continuous research, analysis, and troubleshooting to identify, resolve, and report on highly complex security issues.
Collaborates with Security Analysts, IT and Business Partners to tune, harden, and enhance Security solutions and technologies to keep up with the latest trends and threats.
Ensures risks associated with business activities are effectively identified, measured, monitored, and controlled in accordance with risk and compliance policies and procedures.