Senior Security Engineer
Remote
Applications have closed
TrueAccord
Why TrueML? TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.
The Role:
TrueML’s InfoSec team is responsible for keeping our systems secure and compliant. In this role, you will work across several internal departments across entities (Engineering, Product, Operations, Legal, Audit and Compliance) as well as with our security partners (auditors, security management platform providers) and clients to systematically identify and address information security issues. The work will include security gap analysis, advising product engineers on best practices, and helping implement and validate relevant solutions.
What You'll Do:
- Evangelizing information security across the company, training employees on new procedures
- Ownership of the PCI-DSS compliance process
- Support and deliver scalable security solutions across our diverse networks
- Consistently assess and communicate security risks associated with practices performed by the company; develop appropriate mitigation countermeasures
- Vulnerability Management program (detection, analysis, reporting, remediation assistance)
- Incident Response: Support the detection, response, and recovery from security incidents
- Provide support for automation and orchestration for 24x7x365 vulnerability management and patch validation
- Build out continuous monitoring and audit for real-time audit and compliance of frameworks
- Perform threat modeling and turn that into actionable plans to reduce risk
- Evaluate security tooling, support the development of new tools, and deploying those tools at scale
- Build out threat intelligence platform using data analytics
- Automate key security-related activities, embed security controls and processes within team workflows
- Static code analysis
- Implement test automation to assure application is tested for security in the backend, UI, and integration before it is moved to the production environment
- Participate in diagnosing and resolving security-related incidents
- Provide audit and certification support
- Implement and execute ongoing programs for proactive testing, patching, and remediation of vulnerabilities align with documented policies
What We're Looking For:
- 5+ years experience in Information Security
- 3+ years of management or lead experience
- Bachelor's degree OR equivalent relevant experience
- Recent success with PCI, SOC, and similar certifications
- Demonstrable expertise in data protection, compliance validation, vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, and incident response
- Strong information security risk-based prioritization abilities
- Familiarity with CASB implementation and Threat Intel feeds to identify and correlate IOCs with user behavior analytics and URL filtering
- Understanding of cloud primitives such as VPC, IAM Policy, KMS, WAF
- Experience in generating automated metrics to measure IT security effectiveness and consistency
- Demonstrated leadership, teamwork, and collaboration skills
- Results-oriented, high energy, self-motivated
- Information security professional certifications (SANS GIAC, CISSP etc.)
- Experience with Chef/Puppet, Terraform, Jenkins, Git, Helm
- Experience with GRC Tools
Benefits, Perks, and Culture - Everything you need to work remotely- Unlimited PTO- Medical/dental/vision insurance- 401k through Charles Schwab with employer contribution matches - Flexible Spending Account & Limited FSA- Short + long term disability, company paid life insurance- Family-friendly maternity and paternity leave- Employee assistance program (EAP) via Claremont. Get free short-term counseling for mental health, free + discounted legal consultations, free financial consultations, access to work/life consultants, and more!- Wellness Coach for you and 5 family members. Wellness Coach gives all TrueML employees access to 3000+ on-demand sessions about meditations, fitness, nutrition, and more!- PerkSpot discount program. PerkSpot offers exclusive discounts to 900+ merchants nationwide, and has exclusive discounts up to 60% on hotels worldwide.- Paid time off to do volunteer work in your community. We are a dynamic group of people who are subject matter experts with a passion for change. Our teams are crafting solutions to big problems every day. If you’re looking for an opportunity to do impactful work, join TrueAccord and make a difference. Our Dedication to Diversity & Inclusion TrueML and TrueAccord are equal opportunity employers. We promote, value, and thrive with a diverse & inclusive team. Different perspectives contribute to better solutions and this makes us stronger every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For California Applicants: we collect personal information for employment purposes. We do not sell personal information. Most of the information we have is provided to us by you and/or collected as part of the employment process. For more details on how we use, share, and delete personal information see our Privacy Policy.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Automation CASB CISSP Cloud Code analysis Compliance Data Analytics GIAC Helm IAM Incident response Machine Learning Monitoring Network security Privacy Puppet SANS SOC Terraform Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Fitness / gym Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Team events Unlimited paid time off Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs