Senior Security Engineer

Why TrueML? TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when it comes to managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real time in response to their interactions. The TrueML team includes inspired data scientists, financial services industry experts and customer experience fanatics building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavoring toward ensuring nobody gets locked out of the financial system.
The Role:
TrueML’s InfoSec team is responsible for keeping our systems secure and compliant. In this role, you will work across several internal departments across entities (Engineering, Product, Operations, Legal, Audit and Compliance) as well as with our security partners (auditors, security management platform providers) and clients to systematically identify and address information security issues. The work will include security gap analysis, advising product engineers on best practices, and helping implement and validate relevant solutions.

What You'll Do:

• Evangelizing information security across the company, training employees on new procedures
• Ownership of the PCI-DSS compliance process
• Support and deliver scalable security solutions across our diverse networks
• Consistently assess and communicate security risks associated with practices performed by the company; develop appropriate mitigation countermeasures
• Vulnerability Management program (detection, analysis, reporting, remediation assistance)
• Incident Response: Support the detection, response, and recovery from security incidents
• Provide support for automation and orchestration for 24x7x365 vulnerability management and patch validation
• Build out continuous monitoring and audit for real-time audit and compliance of frameworks
• Perform threat modeling and turn that into actionable plans to reduce risk
• Evaluate security tooling, support the development of new tools, and deploying those tools at scale
• Build out threat intelligence platform using data analytics
• Automate key security-related activities, embed security controls and processes within team workflows
• Static code analysis
• Implement test automation to assure application is tested for security in the backend, UI, and integration before it is moved to the production environment
• Participate in diagnosing and resolving security-related incidents
• Provide audit and certification support
• Implement and execute ongoing programs for proactive testing, patching, and remediation of vulnerabilities align with documented policies

What We're Looking For:

• 5+ years experience in Information Security
• 3+ years of management or lead experience
• Bachelor's degree OR equivalent relevant experience
• Recent success with PCI, SOC, and similar certifications
• Demonstrable expertise in data protection, compliance validation, vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, and incident response
• Strong information security risk-based prioritization abilities
• Familiarity with CASB implementation and Threat Intel feeds to identify and correlate IOCs with user behavior analytics and URL filtering
• Understanding of cloud primitives such as VPC, IAM Policy, KMS, WAF
• Experience in generating automated metrics to measure IT security effectiveness and consistency
• Demonstrated leadership, teamwork, and collaboration skills
• Results-oriented, high energy, self-motivated
• Information security professional certifications (SANS GIAC, CISSP etc.)
• Experience with Chef/Puppet, Terraform, Jenkins, Git, Helm
• Experience with GRC Tools

Benefits, Perks, and Culture - Everything you need to work remotely- Unlimited PTO- Medical/dental/vision insurance- 401k through Charles Schwab with employer contribution matches - Flexible Spending Account & Limited FSA- Short + long term disability, company paid life insurance- Family-friendly maternity and paternity leave- Employee assistance program (EAP) via Claremont. Get free short-term counseling for mental health, free + discounted legal consultations, free financial consultations, access to work/life consultants, and more!- Wellness Coach for you and 5 family members. Wellness Coach gives all TrueML employees access to 3000+ on-demand sessions about meditations, fitness, nutrition, and more!- PerkSpot discount program. PerkSpot offers exclusive discounts to 900+ merchants nationwide, and has exclusive discounts up to 60% on hotels worldwide.- Paid time off to do volunteer work in your community. We are a dynamic group of people who are subject matter experts with a passion for change. Our teams are crafting solutions to big problems every day. If you’re looking for an opportunity to do impactful work, join TrueAccord and make a difference. Our Dedication to Diversity & Inclusion TrueML and TrueAccord are equal opportunity employers. We promote, value, and thrive with a diverse & inclusive team. Different perspectives contribute to better solutions and this makes us stronger every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
For California Applicants: we collect personal information for employment purposes. We do not sell personal information. Most of the information we have is provided to us by you and/or collected as part of the employment process. For more details on how we use, share, and delete personal information see our Privacy Policy.