Reduce third-party risk exposure: improve our current third-party risk assessment process to identify high-risk vendors using AI tools or automation.
Implement comprehensive security logging and monitoring: ensure complete logging coverage across critical systems and deliver dashboards and metrics. Manage our SIEM, creating and responding to alerts.
Create, maintain, and update company policies. Work with auditors during the annual SOC 2 audit.
Improve our vulnerability and patch management: Create secure configuration baselines for servers, endpoints, and cloud.
Awareness training: Create a full-year program that includes phishing campaigns and awareness training.
Design and Implement Security Controls: Design, implement, and maintain security tools and technologies, including SIEM, EDR, firewalls, IDS/IPS, and DLP, to protect sensitive data.
Incident Response and Threat Detection: Lead threat detection efforts, incident response, and forensic investigations.
Vulnerability Management: Perform threat modeling and static/dynamic vulnerability assessments, and develop and implement remediation strategies for identified flaws (e.g., OWASP Top 10).
Compliance and Auditing: Ensure compliance with regulations and frameworks. Participate in audits and provide necessary evidence and remediation plans.
Secure Development Lifecycle (SDLC): Collaborate with engineering and DevOps teams to integrate security into CI/CD pipelines and promote secure coding best practices.
Automation and Scripting: Develop automated solutions and use scripting (Python, PowerShell, Bash) to streamline security operations and monitoring processes.
Mentorship and Leadership: Provide technical direction and mentorship to junior team members, helping foster a strong, organization-wide security awareness culture.

Requirements

Experience: 5+ years of experience in a dedicated information security engineering role, preferably within the financial services or a highly regulated industry.
Technical Expertise: Strong working knowledge of network security fundamentals (TCP/IP, UDP, HTTP), cloud security models (AWS/GCP), and identity and access management (IAM, SSO, MFA).
Tools and Technologies: Hands-on experience with enterprise security tools, including SIEM platforms, vulnerability scanners, and EDR solutions.
Regulatory Knowledge: Deep understanding of cybersecurity frameworks such as NIST CSF, and the MITRE ATT&CK framework.
Problem-Solving: Excellent analytical and problem-solving skills, with the ability to translate complex technical concepts into clear, actionable recommendations for various stakeholders.
Certifications: Relevant security certifications are highly desirable, such as CISSP, CISM, or GIAC.
Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related technical field.

Benefits

Competitive salary.
Hybrid work arrangement if located in the Phoenix or New York area; otherwise, fully remote.
Excellent medical, dental, and vision insurance options, with low-cost premium structures that demonstrate our commitment to offering great value to our employees.
100% company-paid basic life insurance, short-term and long-term disability insurance.
100% paid parental leave upon eligibility.
Company equity managed through Carta.
401k with match and 100% vesting upon hire.
Flexible PTO in an environment where taking time off to relax or recharge is supported and encouraged.
Take time off for holidays—and yes, your birthday counts too. Celebrate, relax, and recharge without thinking twice.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

third-party risk assessmentsecurity loggingmonitoringvulnerability managementthreat modelingstatic vulnerability assessmentdynamic vulnerability assessmentsecure configuration baselinessecure codingautomation

Soft Skills

problem-solvinganalytical skillsmentorshipleadershipcommunication

Certifications

CISSPCISMGIAC