Senior IT Security Engineer

Job Description

Job Title: Senior IT Security Engineer

This position is a remote assignment.

Summary:
The Senior IT Security Engineer leads efforts to integrate security practices seamlessly into our DevOps and Platform Engineering processes. As a key member of the enterprise risk management team, the Senior IT Security Engineer leads secure platform engineering efforts, focused on the secure development, and operations of our banking and cloud-based environments.

Wage Type: Salaried

Essential Duties & Responsibilities:
To perform this job successfully, an individual must be able to perform each of the essential duties satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Develop and execute a comprehensive IT Security review strategy that integrates ongoing security practices, controls and reporting into our bank, Banking as a Service (BaaS), and DevOps processes and workflows.
• Lead the secure architecture and secure design and development of robust AWS cloud infrastructure to support scalable and secure applications.
• Create and maintain the security processes including, code security reviews, secure application development, data security, and secure API integrations.
• Perform ongoing, day to day monitoring, logging, and disposition of security alerts to ensure timely response to security vulnerabilities and threats.
• Implement security best practices for cloud infrastructure on platforms such as AWS, Azure, or Cloudflare, including identity and access management, network security, and data encryption.
• Implement security best practices bank-wide including BaaS frameworks, transaction movements and data sharing.
• Implement monitoring and logging solutions to detect security threats and anomalies in real-time and develop incident response procedures to address security incidents promptly.
• Ensure compliance with federal and state banking security regulations and security industry standards including but not limited to FFIEC, NIST, GDPR, HIPAA, PCI-DSS, OWASP and SOC 2, and lead efforts to obtain and maintain relevant certifications.
• Serve as SME on secure by design principals, working with key business partners including a team of Security engineers, providing guidance, support, and technical expertise to drive security initiatives and foster a culture of security excellence.
• Enrich application architecture with security standards, best practices and define baseline configuration.
• Partner with teams to define key performance indicators (KPIs), key risk indicators (KRIs) and distribute useful security related metrics to key stakeholders.
• Maintain comprehensive documentation of security controls, policies, procedures, and incidents to ensure compliance and facilitate knowledge sharing.
• Collaborate with cross-functional teams, including development, operations, security, and business units, to ensure seamless integration and alignment of DevSecOps practices with business goals.
• Carries out responsibilities in a manner consistent with our values and operating principles, in accordance with policy and applicable laws, and with a commitment to commitment to continuous improvement and process excellence.
• Other duties as assigned.
  

Organizational Structure:

Reports to: Chief Compliance Officer / Chief Information Security Officer

Qualifications:

Education:

• Bachelor's degree in Computer Science, Engineering, or related field

Required Knowledge/Skills:

• Deep expertise building, securing, monitoring, and scaling workloads in AWS.
• Deep understanding of security principles, best practices, and compliance standards.
• Demonstrated ability to implement and enforce security policies and practices throughout the DevOps lifecycle.
• Hands-on experience with security tools and frameworks such as static code analysis, vulnerability scanning, and security testing.
• Expertise in Cloud Security tooling including EDR, SIEM, IDS toolset including vendor selection and management
• Proficiency with Terraform and Infrastructure as Code including creating and maintaining modules.
• Experience with CI/CD tooling and creating pipelines to support the security lifecycle.
• Knowledge of containerization technologies such as Docker and container orchestration platforms like Kubernetes, with a focus on container security.
• Strong understanding of networking, encryption, access controls, and authentication mechanisms.
• Solid understanding of networking concepts, security best practices, and compliance standards.
• Strong scripting experience in Python, PowerShell, Bash, or other scripting language
• Experience with security principles relating to, IAM, DLP, SDLC, IT asset management, secure architecture and Incident Response.
• Experience with Agile methodologies and leading Agile teams.
• Ability to analyze information and make logical recommendations.

Desired Skills:

• Experience working for a bank or in another highly regulated industry.
• Experience working with offshore resources in EMEA.
• Experience with IT Governance as Code and Policy as Code.
• Experience working with New Relic or other SAAS monitoring platforms.
• Experience working with Azure DevOps, Github Actions, or other CICD Tooling
• Familiarity with OWASP top 10 framework and other security frameworks.
• Experience working with Cloudflare.
• Experience working with Ansible or other configuration as code tools.
• Experience with repository and artifact management.
• Relevant security certifications (e.g., CISSP, CEH, AWS Certified Security Specialty) are a plus.
• Willingness to learn and adapt to new technologies.
• Knowledge of agile methodologies is desirable.
• The ideal candidate will possess a deep understanding of banking applications, core provider integrations, AWS cloud services, DevOps, expertise in security practices, and a passion for driving a culture of security-first mindset.

Desired Experiences:

• 8+ years of relevant experience in DevOps, SecOps, or similar roles, with a strong focus on AWS cloud services.
• 2+ years of experience in a leadership role
• 2+ years of experience in one or more domains in security:
  • Identity & Access Management
  • Detection & Response
  • Vulnerability Management

Talents:

• • Ability to think creatively, stimulate new ideas and challenge existing thinking.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to present information to wide variety of audiences, including senior management.
  • Strong positivity
  • Mission driven, competitive, goal oriented, enthusiastic, and motivated to develop themselves and others.
  • Energetic, resourceful, and appropriate work intensity to get the work done.
  • Organized, detail-oriented, and able to focus in distracting environments.
  • Curious natured and willing to try and enjoy new experiences.
  • Strong people acumen and relationship skills; naturally pre-disposed to quickly establish positive personal and professional relationships.

Other:

• Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
• Must be able to lift to 20 pounds.

TransPecos Banks will not accept unsolicited resumes from any source other than the candidate. We will consider any candidate for whom an Agency submits an unsolicited resume, to have been referred to us by the Agency free of any charges or fees, other than those agencies we engage on a specific search. TransPecos Banks will not pay a fee for any placement resulting from the receipt of an unsolicited resume.