Acrisure
Overview
Principal Security Engineer at Acrisure
Job Description
This role strengthens and optimizes the organization's security capabilities by reviewing existing tools, applications, and processes to identify gaps. It establishes and maintains cloud security architecture best practices, focusing on Azure and VMware, and integrates new and existing security platforms. The role collaborates with Data Center and Network Operations teams to maintain a secure architecture and analyzes security events for anomalous activity. It contributes to the organization's security posture and ensures a secure environment. The individual works on issues requiring the analysis of relevant factors and exercises considerable judgment within defined procedures to determine appropriate action.
This role will work across multiple departments to design, implement, and manage security solutions that protect both internal and third party (vendor) systems and customer data. You will play a critical role in ensuring that security practices are aligned with compliance requirements while driving technical solutions for secure systems and data protection across the entire organization.
Responsibilities
Security Engineering & Architecture: Design, implement, and maintain security architectures across cloud, third-party, and on-premises environments, including evaluating and integrating emerging security technologies.
DevSecOps: Embed security within CI/CD pipelines, establish security standards, and conduct secure code reviews with development teams.
Cryptography: Understand encryption technologies for data at rest and in transit, manage cryptographic keys, and ensure compliance with industry standards.
Identity & Authentication: Design and manage secure identity solutions, including SSO, IdPs, and federation protocols such as SAML, OAuth, and OpenID Connect.
Secure Coding: Proficient in secure coding practices, training teams, and developing standards to prevent vulnerabilities.
Governance, Risk, & Compliance (GRC): Strong grasp of GRC frameworks (e.g., NIST, ISO 27001) and experience aligning technical controls with regulatory and audit requirements.
Threat Management: Perform risk assessments, threat modeling, vulnerability assessments, and mitigation planning.
Incident Response & Monitoring: Knowledge of incident response strategies, SOC collaboration, and implementing continuous monitoring tools.
Collaboration & Leadership: Ability to work with cross-functional teams, mentor junior engineers, and act as a subject matter expert in security technologies, tools, and frameworks.
Requirements
Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry regulations (GDPR, HIPAA, PCI-DSS).
Hands-on experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and penetration testing platforms.
Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
Proficiency in programming languages (e.g., Python, Java, C++) and automation tools (e.g., Terraform, Ansible).
Strong knowledge of networking protocols, firewalls, VPNs, proxies, and security monitoring tools.
5+ years of relevant experience in security engineering and GRC-focused security solutions development.
Extensive hands-on experience in DevSecOps, integrating security in CI/CD pipelines, and supporting development teams in secure coding practices.
Proven expertise in cryptography, including encryption, key management, and digital signatures.
Strong background in IdP management and federated authentication solutions (SAML, OAuth, OpenID Connect).
Experience implementing technical controls and solutions that align with governance, risk, and compliance frameworks (e.g., NIST, ISO 27001, GDPR, HIPAA, PCI-DSS).
Certifications (preferred): CISSP, CISM, GIAC, CEH, CRISC.
Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.
Benefits and Perks
Competitive compensation
Generous vacation policy, paid holidays, and paid sick time
Medical, Dental, and Vision Insurance (employee-paid)
Company-paid Short-Term and Long-Term Disability Insurance
Company-paid Group Life Insurance
Company-paid EAP and Calm App subscription
Employee-paid Pet Insurance and optional supplemental coverage
Vested 401(k) with company match and financial wellness programs
Flexible Spending Account (FSA), Health Savings Account (HSA) and commuter benefits
Paid maternity/paternity leave and fertility benefits
Career growth and learning opportunities
Note: This list is not reflective of all benefits. Enrollment waiting periods or eligibility criteria may apply to certain benefits. Offerings may vary by subsidiary or location.
Pay Details: The base compensation range for this position is $150,000 - $160,000. This range reflects Acrisure's good faith estimate at the time of this posting. Placement within the range will be based on factors including skills, experience, qualifications, location, and internal equity.
Acrisure is committed to employing a diverse workforce. All applicants will be considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.
California residents can learn more about our privacy practices for applicants at Acrisure California Applicant Privacy Policy.
Note: This listing excludes unsolicited resumes from agencies without a signed mutual service agreement.