Principal Engineer III - Cyber

Western Alliance Bank•Columbus, OH

About The Position

The Principal Engineer III reports within the Information Security organization and is responsible for ensuring that our operational designs, processes, procedures and technology are deployed in manner that meet cyber security standards. This role is critical in ensuring the security, compliance, and resilience of our Azure & AWS-hosted infrastructure and services. The ideal candidate will be a strategic thinker and technical leader, capable of both guiding secure cloud architecture and diving into technical implementations. They will develop and enforce cloud security baselines, guardrails, and automation for threat detection and response. Lead threat modeling reviews, security risk assessments, and cloud configuration reviews across the cloud environments. The Principal Engineer III will represent Information Security during business project initiation, technology architecture, design and lifecycle management of the Bank's technology and security infrastructure providing oversight, guidance, security consulting and evaluation of security posture. This position requires a subject matter expert who will provide thought leadership and collaborate with various stakeholders across the Western Alliance enterprise. Evaluate proposed systems, networks, and software designs for security risks. Recommend mitigations and resolve integration issues to ensure secure implementation within existing infrastructure. Develop, manage, and communicate a comprehensive enterprise-wide cloud secure by design strategy, aligning with organizational goals and stakeholder expectations. Lead cybersecurity risk assessments, drive mitigation efforts, manage incident response planning, and collaborate with cross-functional teams to support secure design decisions across the organization. Developing strategies for operational security, including security of data and Azure and AWS services and workloads. Responding swiftly to any security incidents and providing thorough post-event analyses. Staying updated with the latest security trends, threats, and control measures Maintaining compliance with legal and regulatory requirements pertaining to information security, privacy, and data protection. Engage with business and IT project teams to enforce security standards, offer solutions to applicable security risks and ensure resiliency is built into new project or applications design, engineering, and implementations. Engage with the IT Risk Committee(s) to review and opine on requested exceptions and risk acceptance rationale. Actively drive security, data privacy, business continuity and disaster recovery resiliency goals in project and product deployments as part of project teams and Architectural Standard Board. Provide oversight, review and approval of technology readiness checklist as a member of the Technical Review Board. Perform annual Swift and Fedline self-assessment and attestation processes according to industry requirements. Contributes to the continual development of information security policies and standards. Supports team in the management of security measures and controls over existing operating systems including configuration management, and CIS Standards. Contribute to the development and refinement of key risk indicators and metrics to measure the effectiveness of the cyber security program.

Requirements

12+ years of combined experience in information security, cloud security, and/or risk management with a focus on designing and implementing secure cloud computing solutions.
Bachelor's degree in related field required; Masters or MBA in related field preferred.
Deep expertise in Azure / AWS cloud security, including hands-on experience with tools like Azure Security Center and Microsoft Defender for Cloud.
In-depth knowledge of API security such as: OAuth, OpenID, REST, SOAP, GraphQL with the ability to define secure API design patterns and advocate for best practices.
Proficiency in at least one scripting language such as Python, PowerShell, or Bash desired.
Technology or Security in a large-scale Fortune 100 financial services and or $100B + asset size bank.
Extensive background in technology infrastructure and architecture, design and engineering with a focus on Security and Operational Resiliency and risk mitigation techniques.
Experience in data networking, authentication, Azure / AWS cloud management, vulnerability and CIS compliance management, web application firewalls, network segmentation/zoning, load balancing.
Excellent analytical and problem-solving skills, with the ability to assess complex situations and develop effective solutions.
Exceptional communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.
Strong leadership and project management skills, with experience leading cross-functional teams.
CLOUD TECHNOLOGY - 3 or more Azure or AWS Certifications is required.
CYBER SECURITY - 3 or more of the following required: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Offensive Security Certified Professional (OSCP), GIAC Security Essentials (GSEC), GIAC Certified Incident Handler (GCIH), Certified Cloud Security Professional (CCSP), Certified in Risk and Information Systems Control (CRISC).
GENERIC COMPUTING - 3 or more of the following required: CompTIA A+, CompTIA Linux+, CompTIA Network+, Comptia Server+, CompTIA IT Fundamentals, Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Security, Compliance, and Identity Fundamentals, Microsoft Certified: Windows Server Hybrid Administrator Associate, Microsoft Certified: Azure Network Engineer Associate, RHCSA, RHCE, RHCS - Linux Performance Tuning, RHCS-Identity Management, RHCS-Linux Diagnostics and Troubleshooting, RHCS-Developing automation with Ansible.
Previous leadership experience required.
Advanced to expert knowledge of general Financial Services or Banking is preferred.
Expert understanding that downstream business-critical processes are dependent on the availability and reliability of data, designs new (and refactors existing) cyber defense, auditing, and access platforms to meet growth by scaling, service reliability requirements and problem management.
Expert understanding and experience working with downstream business-critical processes that are dependent on the availability and reliability of data, designing new (and refactor existing) cyber defense, auditing, and access platforms through scaling, service reliability requirements and problem management.
Knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
Expert experience or knowledge of 4 or more of the following: NIST of MITRE (and the administration of either or any IT Automation platform), SOAR, Firewall, IAM platform, SIEM, or cloud cyber defense platform.
Experience gathering operational reports on utilization, capacity, performance and anomalies to drive improvements.
Expert speaking and writing communication skills.

Nice To Haves

Masters or MBA in related field preferred.
Proficiency in at least one scripting language such as Python, PowerShell, or Bash desired.
Advanced to expert knowledge of general Financial Services or Banking is preferred.

Responsibilities

Ensuring that operational designs, processes, procedures and technology are deployed in manner that meet cyber security standards.
Develop and enforce cloud security baselines, guardrails, and automation for threat detection and response.
Lead threat modeling reviews, security risk assessments, and cloud configuration reviews across the cloud environments.
Represent Information Security during business project initiation, technology architecture, design and lifecycle management of the Bank's technology and security infrastructure providing oversight, guidance, security consulting and evaluation of security posture.
Evaluate proposed systems, networks, and software designs for security risks.
Recommend mitigations and resolve integration issues to ensure secure implementation within existing infrastructure.
Develop, manage, and communicate a comprehensive enterprise-wide cloud secure by design strategy, aligning with organizational goals and stakeholder expectations.
Lead cybersecurity risk assessments, drive mitigation efforts, manage incident response planning, and collaborate with cross-functional teams to support secure design decisions across the organization.
Developing strategies for operational security, including security of data and Azure and AWS services and workloads.
Responding swiftly to any security incidents and providing thorough post-event analyses.
Staying updated with the latest security trends, threats, and control measures
Maintaining compliance with legal and regulatory requirements pertaining to information security, privacy, and data protection.
Engage with business and IT project teams to enforce security standards, offer solutions to applicable security risks and ensure resiliency is built into new project or applications design, engineering, and implementations.
Engage with the IT Risk Committee(s) to review and opine on requested exceptions and risk acceptance rationale.
Actively drive security, data privacy, business continuity and disaster recovery resiliency goals in project and product deployments as part of project teams and Architectural Standard Board.
Provide oversight, review and approval of technology readiness checklist as a member of the Technical Review Board.
Perform annual Swift and Fedline self-assessment and attestation processes according to industry requirements.
Contributes to the continual development of information security policies and standards.
Supports team in the management of security measures and controls over existing operating systems including configuration management, and CIS Standards.
Contribute to the development and refinement of key risk indicators and metrics to measure the effectiveness of the cyber security program.