Principal Security Engineer

About Ethos

Ethos is a leading life insurance technology company on a mission to protect families by democratizing access to life insurance and empowering agents at scale. With its robust three-sided technology platform, Ethos is transforming the life insurance experience for consumers, agents, and carriers alike. Ethos offers instant, accessible products and a seamless online process that requires no medical exams and just a few health questions; it eliminates traditional barriers, making it easier than ever for everyone to protect their families. Ethos is redefining how life insurance is bought, sold, and underwritten.

About the Role

We’re seeking a Principal Security Engineer with deep expertise in application security, AI security, and security architecture to join our growing security team. This role reports directly to the CISO. You’ll lead the design and implementation of scalable, secure systems across cloud platforms and modern application stacks — including AI-powered tooling — guiding both strategic security initiatives and day-to-day security engineering operations.

This is a high-impact role that will shape the security posture of our platforms and development practices, working across engineering, DevOps, architecture, and compliance teams.

Responsibilities

Core Security Engineering

• Design and implement secure architectures for applications, APIs, microservices, and containerized workloads.
• Develop and enforce application security best practices across SDLC; partner with DevOps and engineering teams to integrate security into CI/CD pipelines.
• Conduct threat modeling, security design reviews, and risk assessments for new and existing systems.
• Evaluate and implement security tools, controls, and frameworks
• Provide technical leadership and mentorship to security engineers, software developers, and DevOps personnel.
• Lead response to complex security incidents or architectural flaws; conduct root cause analysis and recommend strategic remediations.
• Contribute to and influence security policies, standards, and governance.
• Stay current with emerging threats, vulnerabilities, and security technologies, advising stakeholders on evolving risks and mitigations.

AI Security

• Own the AI security program, including risk frameworks, threat models, and governance policies for AI/ML systems and LLM integrations.
• Review new AI tool features and model updates for security risks prior to adoption, covering prompt injection, data leakage, model poisoning, and supply chain threats.
• Track and apply industry guidance from NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS, and CISA; translate standards into actionable internal controls and secure configuration baselines.
• Embed AI security reviews into the feature development lifecycle, including pre-deployment red-teaming and adversarial testing of AI-powered features.
• Monitor AI regulatory developments and advise on security and compliance implications for the organisation.

Requirements

Required Qualifications

• 10+ years of experience in security engineering or architecture roles.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field from a reputable institution.
• Deep expertise in cloud platforms (particularly AWS), including infrastructure-as-code (e.g., Terraform, CloudFormation).
• Strong experience in secure software development and application security (e.g., OWASP Top 10, SAST, DAST, threat modeling).
• Experience designing and implementing zero-trust architectures, secure API gateways, and identity/access controls.
• Proficient in scripting or development languages (e.g., Python, Go, JavaScript) and secure coding practices.
• Demonstrated leadership in cross-functional security initiatives and technical mentorship.
• Hands-on experience assessing security risks of AI/ML systems, including familiarity with OWASP LLM Top 10, MITRE ATLAS, or NIST AI RMF.
• Demonstrated ability to evaluate new AI tool features and vendor releases for security implications, and to produce clear risk assessments and secure configuration guidance.
• Experience researching and applying industry security guidance, translating standards and frameworks into organisational controls and policies.

Preferred Qualifications

• Certifications such as CISSP, CCSP, AWS Security Specialty, GIAC (GCSA, GWEB, GDSA).
• Familiarity with Kubernetes security, service mesh, and cloud-native security tooling.
• Experience in regulated industries (e.g., fintech, healthcare, SaaS at scale).
• Experience with AI red-teaming, adversarial ML, or LLM security assessment tooling.
• Familiarity with secure configuration benchmarks for AI/ML platforms (e.g., AWS Bedrock).
• Knowledge of emerging AI regulatory frameworks (e.g., EU AI Act, NIST AI RMF) and their security and compliance implications.

#LI-Hybrid

#LI-SP1

Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.

To learn more about what information we collect and how it may be used, please refer to our California Candidate Privacy Notice.

Recruitment Notice: Please be aware of recruitment scams. All legitimate communication from our team will only come from email addresses ending in @ethos.com or @getethos.com.

We will never ask for payment, banking details, or sensitive personal information during the hiring process. If you are contacted by someone claiming to represent us from a different email address, please treat it as fraudulent.