HUB International
Security Architecture Engineer
HUB International, Charlotte, North Carolina, United States, 28245
ABOUT US
At HUB International, we are a team of entrepreneurs. We believe in protecting and supporting the aspirations of individuals, families, and businesses. We help our clients evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees to learn, grow, and make a difference. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence.
HUB is a global insurance and employee benefits broker, providing a boundaryless array of business insurance, employee benefits, risk services, personal insurance, retirement, and private wealth management products and services. With over $5 billion in revenue and almost 20,000 employees in 600 offices throughout North America, HUB has grown substantially, in part due to our industry-leading success in mergers and acquisitions.
Job Overview
As a Security Architecture Engineer with a focus on DevSecOps, you will play a critical role in ensuring that security is embedded throughout the software development lifecycle (SDLC) and in continuous integration/continuous deployment (CI/CD) pipelines. You will be responsible for designing, building, and maintaining security controls that ensure application, infrastructure, and cloud security across both on-premises and cloud environments.
In this role, you will collaborate with Security Architects, development, operations, and security teams to automate security processes and implement security as code. You will be expected to bring expertise in both DevOps practices and security principles to ensure rapid yet secure software delivery. This position requires strong technical skills and the ability to work in a fast-paced, collaborative environment.
Key Responsibilities
1. Security Integration in DevOps Pipelines
Design and implement security solutions that integrate seamlessly with DevOps workflows and CI/CD pipelines.
Automate security testing (SAST, DAST, IAST) and integrate with existing CI/CD tools like Jenkins, GitLab CI, Azure DevOps, or CircleCI.
Develop and enforce security-as-code principles, ensuring that security policies and compliance controls are applied programmatically during application deployment.
Collaborate with development teams to embed security into containerization and orchestration platforms like Docker and Kubernetes.
2. Secure Architecture Design & Reviews
Review and advise on secure architectural patterns for applications, microservices, APIs, and cloud infrastructure.
Perform threat modeling, risk assessments, and security reviews of applications and infrastructure to identify and mitigate security risks early in the development process.
Ensure that the design and deployment of applications align with security best practices such as zero trust architecture, least privilege access, and data encryption.
3. Automation & Security Tooling
Implement and maintain security automation tools to monitor and enforce security policies across the development lifecycle.
Desired experience with tools such as Terraform, Ansible, or Puppet used to automate infrastructure provisioning with security baked in.
Desired experience with tools used to manage and enhance security testing for code analysis, container security, and open-source vulnerabilities (e.g., Aqua, Twistlock, Trivy, Boost).
4. Vulnerability Management & Incident Response
Work with development and operations teams to fix vulnerabilities identified during automated scans or manual reviews.
Ensure continuous monitoring of cloud and application environments through security information and event management (SIEM) and cloud security monitoring tools.
Establish security incident response workflows within DevOps processes to ensure rapid detection and remediation of security incidents.
5. Collaboration & Security Culture
Serve as a liaison between development, operations, and security teams in a decentralized, regionally dispersed organization to drive the adoption of DevSecOps practices.
Conduct training and knowledge-sharing sessions to educate developers and operations staff on secure coding practices, security testing, and DevSecOps principles.
Work closely with compliance and governance teams to ensure that regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS) are met within the DevOps environment.
6. Continuous Improvement
Continuously assess and improve security processes and tools to keep pace with evolving threats and industry best practices.
Stay current with the latest developments in DevOps, cloud security, and security automation technologies.
Ensure that feedback loops are established to learn from past incidents and improve security in future iterations of software development.
Technical Requirements
1. Hands-On DevSecOps Experience
Strong experience with DevOps tools and platforms (e.g., Jenkins, GitLab, Travis CI, Azure DevOps, CircleCI).
Hands-on experience automating security tests (e.g., SAST, DAST, IAST) and integrating security tools into CI/CD pipelines.
Desired exposure to container security tools (e.g., SentinelOne, Aqua Security, Twistlock, Sysdig).
Desired experience with cloud infrastructure security for AWS, Azure, or Google Cloud, including the use of cloud security tools (e.g., AWS GuardDuty, Azure Security Center, GCP Security Command Center).
2. Programming & Scripting Skills
Proficiency in at least one programming language (e.g., Python, Go, Java, Node.js) and scripting languages like Bash or PowerShell.
Experience with infrastructure-as-code (IaC) tools such as Terraform, Ansible, Puppet, or Chef to automate security configurations.
Familiarity with building and securing containerized environments, particularly with Docker and Kubernetes.
3. Cloud Security Expertise
Knowledge of securing microservices architectures, API gateways, and distributed systems.
Desired experience securing cloud-native services, containers, and serverless architectures.
Desired experience in implementing identity and access management (IAM) policies, data encryption, network segmentation, and logging/monitoring in cloud environments.
4. Security Certifications (Preferred)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
AWS Certified DevOps Engineer - Professional
Certified Kubernetes Security Specialist (CKS)
Certified Ethical Hacker (CEH)
Skills & Experience
Bachelor's Degree in Information Security, Computer Science, or related field (or equivalent work experience).
5+ years of experience in security engineering or DevSecOps.
Strong understanding of security frameworks such as NIST, CIS, and OWASP Top 10.
Experience in cloud security, including public cloud (AWS, Azure, GCP) and cloud-native applications.
Demonstrated ability to work with development and operations teams to implement security controls in a DevOps environment.
Teamwork & Collaboration Expectations
Collaborate with development, DevOps, and security teams to align on security requirements and practices within the SDLC.
Work cross-functionally to identify security risks and enforce secure coding, cloud, and infrastructure practices.
Provide technical leadership and mentor junior team members on DevSecOps practices and automation.
Ability to Work Independently
Demonstrate the ability to work autonomously in developing and implementing security architectures for cloud and DevOps environments.
Manage multiple projects independently, prioritizing tasks based on risk and business needs.
Lead the identification and remediation of security issues within applications and infrastructure without requiring constant oversight.
Training & Development
Ongoing Training:
Participate in continuous learning and training in cloud security, DevSecOps, and security automation technologies.
Pursue professional training and/or certifications in areas such as cloud security and security automation (e.g., AWS Certified DevOps, CKS, CCSP).
Internal Training:
Conduct internal training sessions to upskill developers and DevOps teams on secure coding and security automation.
Participate in company-led cybersecurity training and awareness programs to stay aligned with organizational goals and strategies.
Disclosure required under applicable law in California, Colorado, Illinois, Maryland, Minnesota, New York, New Jersey, and Washington states: The expected salary range for this position is $110,000 to $130,000 and will be impacted by factors such as the successful candidate's skills, experience and working location, as well as the specific position's business line, scope and level. If you believe that your qualifications and experience surpass the minimum requirements for this role, we encourage you to submit your application. By doing so, we will be able to keep your application on file for consideration for potential future positions within our organization. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance, FSA, HSA and 401(k) accounts, paid-time-off benefits such as vacation, sick, and personal days, and eligible bonuses, equity and commissions for some positions.
Department: Information Technology
Required Experience: 2-5 years of relevant experience
Required Travel: Up to 25%
Required Education: Bachelor's degree (4-year degree)
HUB International Limited is an equal opportunity employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability or veteran's status, or any other characteristic protected by local, state or federal laws, rules or regulations.
E-Verify Program (https://hubinternational.jobs/e-verify/)
We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the recruiting team at HUBRecruiting@hubinternational.com. This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.