Lead Information Security Engineer

The Impact: This is an excellent opportunity to join Enterprise Solutions as we transform and harmonize our infrastructure into a unified place while also developing your skills and furthering your career as we plan to power the markets of the future.

Whats in it for you: In this role, youll have the opportunity to shape the Enterprise Solutions AI, cloud, and application security strategy, directly influence product design and remediation efforts, and collaborate across engineering teams to strengthen our overall security posture. Youll play a critical role in bridging security with product development, giving you visibility, impact, and influence across the enterprise.

Responsibilities: This role is responsible for partnering with product engineering teams to design and implement security remediation activities, while serving as the bridge between centralized security and development. The position focuses on applying cloud, application, and development security principles to ensure secure architectures, effective risk mitigation, and consistent adoption of security best practices across product environments.

• Governance & Risk Management
  • Act as a liaison between the centralized security function and product development and infrastructure support teams.
  • Contribute to defining and maintaining security standards, patterns, and best practices, including secure AI development guidelines.
  • Review and advise on secure architecture, identity and access management, AI model/data protections, and cloud configurations.
  • Define and enforce security policies, standards, and procedures.
  • Conduct risk assessments, threat modeling, and security posture evaluations.
  • Communicate security requirements and risks effectively to both technical and non-technical stakeholders.
  • Support security assessments and provide recommendations for risk mitigation across cloud, application, and AI workloads.
  • Align security practices with frameworks (NIST CSF, ISO 27001, CIS Controls, COBIT).
  • Ensure compliance with regulations (GDPR, HIPAA, SOC 2, PCI DSS, SOX).

• Security Operations (SecOps)
  • Monitor, detect, and respond to threats via SOC and SIEM tools (e.g., Splunk, Sentinel).
  • Manage incident response lifecycle: detection, containment, eradication, recovery, and lessons learned.
  • Perform vulnerability scanning, penetration testing, and red/blue team exercises.
  • Integrate AI-driven threat intelligence, anomaly detection, and exploit likelihood scoring (e.g., EPSS).
  • Partner with engineering teams to design and implement security remediation activities.

• Infrastructure & Application Security
  • Secure networks, endpoints, databases, and cloud-native workloads.
  • Apply encryption, data loss prevention (DLP), and secure coding standards.
  • Support DevSecOps pipelines: automated scanning, IaC security, container/Kubernetes hardening.
  • Oversee patch management and configuration compliance processes.
  • Collaborate with product engineers to embed security into system design, development, and deployment, including AI-enabled features.
  • Awareness & Training
  • Educate employees, tech teams, and clients on emerging threats and secure practices.
  • Run phishing simulations, security workshops, and compliance training.
  • Promote a culture of security-first thinking across the enterprise.

• Metrics, Reporting & Continuous Improvement
  • Understand and be able summarize security posture data for a large application and infrastructure portfolio to senior level leadership.
  • Track KPIs such as mean-time-to-detect (MTTD), mean-time-to-respond (MTTR), SLA adherence.
  • Provide dashboards and reports for leadership, clients, and regulators.
  • Conduct root cause analysis post-incident and implement lessons learned.
  • Drive continuous improvement through automation, AI adoption, and process optimization.

What were looking for:

• Strong knowledge of cloud security, with emphasis on AWS services and architecture.
• Experience with AI security frameworks and guidance (e.g., NIST AI RMF, OWASP Top 10 for LLM Applications, MITRE ATLAS).
• Experience in application and development security, including secure coding practices and CI/CD integration.
• Working knowledge of IAM, container security, AI/ML security considerations, SAST/DAST tooling, and DevSecOps practices.
• Understanding of AI risk areas (model misuse, data poisoning, privacy leakage, prompt/content manipulation) and emerging mitigation strategies.
• Proven ability to collaborate with engineering teams to deliver security solutions and remediation.
• Broad understanding of security domains, with the ability to evaluate and recommend tools and processes, including those supporting AI workloads.
• Strong problem-solving, communication, and cross-functional collaboration skills.
• 10+ years of IT security experience, with demonstrated success in senior or strategic security engineering roles.