Sr. Security Engineer

About The Position

Requirements

• 5+ years in security engineering, security operations, or a combined SecOps/program role
• Must be authorized to work in the United States and be US-based
• Hands-on experience operating cloud security tooling in AWS environments
• Proficiency in at least one scripting or programming language — Python strongly preferred
• Experience building dashboards, writing queries, and tuning alerts in a SIEM platform
• Strong working knowledge of vulnerability management and incident response lifecycles
• Experience supporting compliance frameworks: SOC 2, PCI DSS, or equivalent
• Demonstrated use of AI and ML tooling in a professional security context
• Track record of mentoring or upskilling peers in technical disciplines
• Strong written communication skills — equally effective writing for engineers and executives
• Comfortable with occasional after-hours availability for critical security incidents

Nice To Haves

• Experience with GRC platforms: compliance automation, risk management, or audit evidence tooling
• Exposure to IGA and PAM concepts and tooling
• Security certifications: CISSP, CISM, AWS Security Specialty, or GIAC (GCIH, GCED, or similar)
• Background in fintech, lending, or regulated financial services
• Contributions to security tooling, open-source projects, or internal platform engineering
• Experience with SOAR platforms or automated response workflows

Responsibilities

• Secure and Operate the Cloud Environment: Own cloud security posture across multi-region AWS environments — continuously assess, harden, and improve. Operate the full security toolset: CSPM, SIEM, vulnerability management, network security, ZTNA, DLP, EDR, and endpoint management. Drive the vulnerability management lifecycle end to end: scan cadence, prioritization, remediation SLAs, and reporting. Manage identity and access infrastructure in collaboration with IT, spanning MFA, IAM, IGA, privileged access, and credential management. Lead the buildout of a Privileged Access Management (PAM) program. Support ongoing cloud migration security workstreams. Monitor threat intelligence and external attack surface signals; translate findings into prioritized action.
• Lead and Respond to Incidents: Serve as a primary responder for security incidents — triage, contain, eradicate, and recover with urgency and discipline. Own incident response process maturity: playbook development, evidence chain of custody, forensic readiness, and post-incident reviews. Be available for occasional after-hours response when critical incidents arise.
• Build, Automate, and Elevate the Team: Set the coding and AI standard for the InfraSecOps team — write tools, automate workflows, and actively mentor peers in modern security engineering practices. Build and maintain automation for alert triage, compliance evidence collection, asset inventory, and security metrics. Develop API integrations between security tools to eliminate manual handoffs and improve data fidelity. Contribute to security-as-code practices: IaC security reviews, CI/CD pipeline hardening, and software supply chain controls. Champion AI-native tooling across the team; evaluate and implement AI-assisted detection, threat hunting, and response capabilities. Build and contribute to Agentic AI frameworks within the security program. Stay current on AI security risks — prompt injection, model abuse, shadow AI — and turn awareness into practical controls.
• Own the Security Program Within Your Domain: Maintain the security program roadmap and key results for your domain, including compliance attestation timelines and remediation SLA adherence. Track and mature the security tool portfolio: monitor adoption, measure effectiveness, and drive continuous improvement. Maintain risk registers and GRC platforms; ensure findings are triaged and resolved within SLA. Coordinate audit evidence collection for SOC 2 Type II, PCI DSS 4.0, and CyberEssentials+. Contribute to executive and board-level security reporting — translate operational data into clear program narratives. Drive cross-functional follow-through with Engineering, IT, Data, and PMO on security workstreams.

Benefits

• Generous paid time off
• Competitive medical, dental & vision coverage
• 401K with company match for US
• Company-paid life insurance
• Company-paid short-term and long-term disability
• Access to mental health and wellness resources
• Company-paid volunteer time to do good in your community
• Legal coverage and other supplemental options