Senior Information Security Engineer

RESPONSIBILITIES:

• Implement and enhance security controls by leading the deployment, integration, and tuning of solutions such as CNAPP, SIEM, CASB, EDR, DLP, and MDM to maximize effectiveness.
• Support security design decisions by providing subject matter expertise on cloud and SaaS security best practices while influencing architecture led by the Security Architect role.
• Lead incident response and investigations by guiding containment, remediation, root cause analysis, and post-incident improvements.
• Strengthen application security by overseeing secure development practices and managing SAST, SCA, and DAST tooling.
• Advance identity and access management by supporting IAM policy enforcement, SSO, MFA, SCIM, RBAC, and user lifecycle governance.
• Secure AI systems and integrations by assessing and protecting embedded APIs and organizational AI tool usage to ensure resilience, privacy, and compliance.
• Collaborate cross-functionally by working with Engineering, IT, and GRC teams to embed security into systems and workflows.
• Mentor and influence by providing technical guidance, reviewing work, and promoting security-first thinking across the organization.
• Stay ahead of threats and regulations by tracking emerging risks, technologies, and compliance requirements to inform forward-looking strategies.
• Participate in and help improve the on-call rotation by providing guidance, escalation support, and driving improvements in response processes.

QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Information Security, or a related technical field and/or advanced certifications (CISSP, CISM, AWS Security Specialty, SANS, etc.).
• 8+ years of hands-on experience in Information Security, IT Security, or a related role, including at least 2 years in a senior or lead capacity.
• Proven track record implementing and managing advanced security technologies (e.g., CASB, CNAPP, CSPM, SIEM, SOAR, DLP, SWG).
• Experience securing AI/ML systems or APIs, including governance of third-party AI integrations and organizational use of AI tools.
• Strong understanding of modern cloud security architecture (AWS, Azure, GCP) and experience performing threat modeling and risk assessments on cloud-based systems.
• Hands-on experience with application security tooling (SAST, SCA, DAST) and embedding secure development practices.
• Demonstrated leadership in security incident response, investigations, and root cause analysis.
• Effective communicator with the ability to influence stakeholders and explain security concepts to technical and non-technical audiences.
• Strong project management skills and the ability to drive initiatives to completion in a fast-paced environment.
• Experience mentoring engineers and setting operational standards.
• Familiarity with compliance and risk frameworks relevant to health and AI (SOC 2, ISO 27001, PCI, GDPR, FTC guidance, HIPAA-adjacent state laws) is a plus.