Security Engineer

About The Position

Requirements

• Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
• Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
• Experience with security assessments, architecture design, and risk-based security implementation.
• Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
• Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
• Experience with penetration testing, ethical hacking, or advanced threat detection tools.
• Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
• Experience building or managing a security tool governance or maturity framework.
• Strong project management, reporting, and stakeholder communication skills.
• Analytical mindset with the ability to break down complex problems.
• Strong written and verbal communication skills — technical and non-technical audiences.
• Proven ability to work independently and as part of a team.
• Flexible and adaptable to evolving business and technical priorities.
• Passion for continuous learning and measurable security outcomes.
• 3-7 years of hands-on experience in Security Engineering, SOC Engineering, or DevSecOps.
• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations.
• Ability to write reports, business correspondence and procedure manuals.
• Ability to effectively present information and respond to questions from a variety of both internal and external sources.

Nice To Haves

• Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
• Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.

Responsibilities

• Tool Ownership & Security Architecture: Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management. Integrate and automate security tools and workflows across IT, cloud, and SOC environments. Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality. Maintain security control maps and maturity metrics.
• Security Maturity & Measurement: Build and maintain RevSpring's Security Tool Maturity Roadmap. Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools. Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls. Identify coverage gaps and eliminate redundant tools.
• Security Engineering & Compliance: Conduct regular security risk assessments and audits across systems, applications, and networks. Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams. Support and maintain compliance with HIPAA, HITRUST, PCI-DSS, SOX, NIST, and GLBA. Formulate and manage IT security incident response strategies.
• Automation & Enablement: Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations. Embed security controls into CI/CD pipelines and infrastructure as code. Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
• Governance & Cross-Functional Collaboration: Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance. Communicate security tool performance, maturity, and improvements to leadership in clear, data-driven ways. Translate complex technical issues into business-relevant language.