Sr. Security Engineer

About the Company We are a collective of insurance brands focused on life and annuities. Driven by a commitment to transform our industry, we actively integrate state-of-the-art technology throughout our operations. Our forward-thinking approach leverages technology and innovation to help companies succeed. Role Overview As a Senior Security Engineer, you will be tasked with the critical role of protecting a business-critical application including ancillary systems, networks, and data from cyber threats. You will be responsible for the design and implementation of a cyber security program for the application including, but not limited to, network, information, and application security, incident response, vulnerability and compliance management. This is a new role for the application, it requires both leadership and hands-on doer mentality. Key Responsibilities: 1. Security System Development: o Design and implement security systems to monitor the application and integrations. o Develop and enforce security policies, protocols, and procedures o Review application infrastructure, dependencies, and code for security flaws and provide recommendations for improvement o Perform threat modeling 2. Risk Assessment and Management: o Conduct regular security assessments and audits to identify vulnerabilities. o Perform risk analysis and develop mitigation strategies o Manage the lifecycle of application vulnerabilities including identification, reporting and remediation 3. Incident Response: o Monitor systems for security breaches and respond to incidents o Investigate security breaches and lead incident response activities o Perform forensic analysis to understand and address breaches 4. Security Tools and Technologies: o Implement and manage security tools such as firewalls, intrusion detection systems, and antivirus software o Stay updated with the latest security technologies and threats. 5. Compliance and Standards: o Ensure compliance with industry standards and regulations (focus on SOC2) o Participate in external and internal audits and reviews 6. Training and Awareness: o Educate employees on security best practices and policies o Develop and conduct security training sessions and awareness programs 7. Collaboration: o Work closely with IT teams to ensure secure integration of new systems o Collaborate with other departments to understand their security needs and provide solutions Qualifications: • Education: o Bachelor’s degree in Computer Science, Information Technology, or a related field o Relevant certifications (e.g., CISSP, CISM, CEH) are preferred. • Experience: o Proven experience as a Security Engineer (or similar) in a Cloud-based environment. Experience with GCP is preferred o Proven experience building/maintaining SOC2 controls o Experience with security systems, including firewalls, intrusion detection systems, and antivirus software. Experience with Chronicle, SCC, and Datadog is preferred o Hands-on experience with risk assessment tools and methodologies.