Sr. Security Engineer

Sr. Information Security Engineer

What you’ll do

As a Senior Information Security Engineer, you will play a critical role in advancing the security strategy for a market leading HR Tech SaaS company. You will join a dynamic team of professionals focused on strengthening our security posture, responding to emerging threats, and proactively mitigating risks. Acting as the lead engineering resource for the InfoSec team, you will collaborate with stakeholders across the organization and around the world. This role involves a mix of proactive security projects and reactive incident response responsibilities. Responsibilities include:

• Monitors security event platforms, manages incident first level response, triage, potential resolution, and participates in retrospective activities as required
• Overall responsibility for vulnerability management program including categorization, tracking, documentation, and reporting on vulnerabilities from discovery through remediation
• Assist in review of new security tools including developing requirements, recommending/assessing various tools, and then implementation thru to a production ready status
• Provides proactive feedback to enable improvement of the current monitoring and tools, based on information and knowledge/experience
• Creates daily, weekly, and monthly reports for Security Management Team
• Performs front line response and escalation tasks and updates runbooks and procedures as needed
• Compiles statistics and contributes to the improvement and creation of playbooks
• Uses public cyber security resources (e.g. sites/blogs/podcasts) to stay up to date with latest news, threats, and security analysis tools
• Participates in on-call rotation

Qualifications

• Bachelor’s degree in Information Technology, Computer Science, or a related field
• 10 years of hands-on IT experience, +5 years of experience in Information Security Engineering focused on incident response, security architecture/design, monitoring and threat detection, and DevSecOps
• Demonstrated experience leading end-to-end incident response in cloud environments, including detection, containment, eradication, and recovery
• Proficient in offensive, “Purple Team”, security tactics such as threat hunting and penetration testing, as well as implementing effective defensive solutions
• Proven ability to design, implement and optimize security controls utilizing industry standard frameworks
• Deep knowledge of DAST, SAST, SCA, and the secure software development lifecycle, with the ability to read and understand code (e.g., JavaScript, PHP, Java)
• Advanced scripting skills for automation, system management, and process efficiency; PowerShell or Python preferred
• Expertise in identity and access management (IAM, SSO/MFA, SCIM), preferably with Okta, and strong understanding of DNS and networking protocols
• Demonstrated experience working in SOC- or ISO-compliant environments, with an understanding of security standards and compliance practices
• Exceptional communication skills with the ability to translate technical concepts for technical and non-technical audiences
• Project management experience with a proven ability to plan, execute, and oversee complex IT initiatives
• Ability to document technical processes and train both technical and non-technical teams for consistent operational success
• Self-starter with the capacity to work independently and lead initiatives while being an effective team player focused on collective goals
• Strong sense of teamwork, with a focus on achieving collective success and contributing to a positive team dynamic
• Industry-recognized certifications such as CISSP, AWS Security Specialty, or Azure Security Engineer are strongly preferred