Senior Security Engineer

The Senior Security Engineer is a senior-level role that reports directly to and serves as a technical expert for the Head of Security Engineering. This role is entrusted with protecting sensitive financial data and critical infrastructure across a complex hybrid technology landscape. The ideal candidate is a highly motivated and results-oriented security engineer with unparalleled expertise in strategic design and hands-on technical execution. This position demands a proven builder and problem-solver who excels at architecting resilient platforms, mentoring other engineers, and acting as a technical advisor to leadership. The principal will be instrumental in implementing the strategic vision for infrastructure security and will be responsible for providing technical expertise for complex design and operational challenges.

Key Responsibilities

• Provide expert guidance to the security architecture team to design and implement layered security architectures using Zero Trust and Defense-in-Depth principles.
• Act as a subject matter expert and technical authority for in-depth design and implementation details, providing technical support and guidance across the security organization.
• Data Loss Prevention: Provide technical expertise to the DLP team for in-depth design, implementation, and integration details. Drive implementation and integration projects for on-premise, remote, and SaaS based resources.
• Drive the security strategy for a large on-premises environment, ensuring secure integration with public cloud platforms.
• Architect and implement secure data transfer, endpoint protection, and patch management solutions.
• Architect and secure hybrid AWS and Azure environments, focusing on the critical "seam" between on-premises and cloud domains.
• Lead the automation of security operations using Python and Bash.
• Assist in design and implementation of Infrastructure as Code (IaC) with Terraform, container orchestration with platforms like Kubernetes, and the build-out of a Security Orchestration, Automation, and Response (SOAR) platform.
• Serve as the final technical escalation point, acting as Tier 3 engineering support for the most complex incident escalations.
• Assist in design and implementation of a Security Information and Event Management (SIEM) solution to centralize log correlation.
• Develop and oversee security compliance strategies, ensuring adherence to financial regulations (FINRA, SEC, PCI DSS) and security standards.

Required Technical Skills

• Cloud: Associate Architect-level knowledge of AWS and Azure security services.
• Identity & Access Management (IAM): Hands-on experience with on-premises and cloud identity platforms.
• On-Premises Security: Verifiable experience securing large on-premises networks. Hands-on expertise with secure data transfer, application allowlisting, and vulnerability scanning in connected environments.
• Architecture & Design: Mastery of Zero Trust, Defense-in-Depth, network segmentation, and firewall management.
• Automation & Tooling: Expertise in automation and orchestration tools (e.g., Python, Bash, Ansible), IaC (Terraform), and container orchestration (e.g., Kubernetes, OpenShift). Experience building and managing SOAR platforms.
• Secrets Management: Experience with secrets management platforms, including those from major cloud providers.
• Endpoint Security: Experience with endpoint automation and security solutions in both connected and disconnected environments.
• Incident Response: Hands-on experience with advanced forensic analysis, SIEM platforms like Splunk, and serving as a Tier 3 engineering expert for complex security tool failures and system vulnerabilities.

Required Experience

• 5+ years of experience in IT security, with a proven history of building and automating complex solutions.
• Demonstrated ability to design and implement vendor-agnostic solutions.
• Proven ability to provide technical leadership and act as a subject matter expert within engineering teams.
• Experience leading security projects and communicating with technical and non-technical stakeholders, including senior leadership.
• Verifiable experience securing disconnected networks and managing hybrid cloud connectivity.
• Demonstrated experience with financial regulations (FINRA, SEC, SOX, GLBA) and frameworks (PCI DSS, NIST, ISO 27001).
• Ability to design controls that generate the necessary audit trails and evidence for regulatory reporting.

Company Benefits & Perks: 

• Competitive salary package.
• Performance-based annual bonus (cash and stocks).
• Hybrid working model (3 days office/week).
• Group Medical & Life Insurance.
• Modern offices with free amenities & fully stocked cafeterias.
• Monthly food card & company-paid snacks.
• Hardship/shift allowance with company-provided pickup & drop facility*
• Attractive employee referral bonus.
• Frequent company-sponsored team-building events and outings.

* Depending upon the shifts.

** The benefits package is subject to change at the discretion of management. **