Patelco Credit Union

Principal Security Engineer

Patelco Credit Union, Dublin, California, United States, 94568


About Patelco Credit Union

Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.

We are here for our members throughout all the stages of their lives, meeting them with the products and services that help them plan purposefully for their futures and securing our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.

We believe that work should be rewarding, challenging, and enjoyable. We're dedicated to creating a positive and supportive culture where our team members can thrive. If you're looking to use your skills and knowledge to make a difference in our members' lives, Patelco could be the perfect fit for you.

Overview

The Principal Security Engineer serves as a senior technical authority within the Security Engineering and Operations team, operating at an equal level to the Manager role but focused on technical leadership rather than people management. This position requires deep expertise across multiple security domains including security architecture, cloud security, application security, vulnerability management, threat modeling, and security automation.

The Principal Security Engineer acts as the technical escalation point for complex security challenges, leads architectural decisions for security platforms and controls, and drives innovation in security engineering practices. This role bridges strategic security initiatives with hands-on technical implementation, partnering closely with the Manager, Security Engineering and Operations to advance the organization's security posture.

The successful candidate combines extensive technical expertise with the ability to influence cross-functional teams, translate business requirements into technical solutions, and mentor security engineers in advanced concepts and methodologies.

Responsibilities

Security Architecture & Strategic Planning

- Design and evolve enterprise security architecture across endpoints, network, cloud, identity, and application layers
- Lead architecture reviews and provide authoritative guidance on security design patterns, technology selection, and implementation approaches
- Develop multi-year technical roadmaps for security platform evolution and capability maturity
- Perform comprehensive threat modeling using STRIDE, DREAD, and PASTA methodologies to identify risks in systems, applications, and emerging technologies
- Define security reference architectures and design patterns for cloud-native, hybrid, and on-premises environments
- Evaluate emerging security technologies and provide strategic recommendations for platform consolidation or enhancement

Cloud Security & Infrastructure

- Architect and implement cloud security controls across AWS, Azure, and/or GCP environments
- Design and deploy Cloud Security Posture Management (CSPM) solutions with automated remediation capabilities
- Implement Infrastructure as Code (IaC) security scanning and policy enforcement, such as security analysis of Terraform and CloudFormation templates
- Lead cloud security initiatives including container security, Kubernetes security hardening, and serverless security architectures
- Design and implement Cloud Access Security Broker (CASB) solutions and data loss prevention controls
- Establish cloud security baselines aligned with CIS Benchmarks and industry frameworks

Application Security & DevSecOps

- Lead enterprise Application Security (AppSec) program strategy and technical implementation
- Design and implement DevSecOps pipelines integrating SAST, DAST, SCA, and container scanning tools
- Architect security gates and quality metrics within CI/CD pipelines across diverse development platforms
- Conduct manual security code reviews and architecture assessments for high-risk applications
- Develop secure coding standards, security design patterns, and security testing strategies
- Partner with development teams to embed security champions programs and shift-left security practices
- Lead remediation strategies for complex application vulnerabilities and secure software supply chain initiatives

Vulnerability Management & Risk Reduction

- Design and optimize enterprise vulnerability management programs across IT and cloud infrastructure
- Establish risk-based prioritization frameworks incorporating threat intelligence, asset criticality, and business impact
- Lead technical remediation planning for critical and high-risk vulnerabilities
- Perform technical risk assessments and develop compensating controls for accepted risks
- Implement automated vulnerability scanning orchestration and continuous assessment capabilities
- Collaborate with the GRC team to translate technical vulnerabilities into business risk language

Security Automation & Engineering Excellence

- Design and implement security automation workflows using SOAR platforms, scripting (Python, PowerShell), and orchestration tools
- Build automated response playbooks for common security operations scenarios
- Develop custom security tooling and integrations to address capability gaps
- Architect security telemetry pipelines, log aggregation, and data normalization strategies
- Lead infrastructure-as-code initiatives for security tool deployment and configuration management
- Implement automated security testing frameworks and continuous validation mechanisms

Detection Engineering & Threat Intelligence

- Collaborate with detection engineering teams to design advanced detection logic aligned with MITRE ATT&CK
- Architect threat intelligence integration strategies to operationalize indicators, TTPs, and threat actor profiles
- Design and implement purple team exercises to validate detection coverage and response capabilities
- Contribute to behavioral analytics development and anomaly detection capabilities

Technical Leadership & Collaboration

- Serve as technical escalation point for the Security Engineering team and the broader security organization
- Lead complex, cross-functional security initiatives requiring coordination across IT, DevOps, Cloud, and Engineering teams
- Provide technical mentorship to Senior Security Engineers and Security Analysts
- Present technical architecture proposals and security strategies to senior leadership
- Act as subject matter expert in incident response activities requiring deep technical analysis
- Represent security engineering in architecture review boards and technical governance forums
- Lead proof-of-concept evaluations for new security technologies and platforms

Standards, Compliance & Documentation

- Develop and maintain security architecture documentation, design standards, and technical guidelines
- Lead technical assessments for audit, regulatory, and compliance requirements (PCI DSS, GLBA, SOC 2)
- Design and document security control implementations aligned with NIST CSF, CIS Controls, and ISO 27001
- Create technical runbooks, architecture diagrams, and knowledge base articles
- Ensure security architecture aligns with regulatory requirements for financial services

Understand and comply with all applicable federal and state laws and banking regulations (including those related to OFAC and Bank Secrecy Act / Anti-Money Laundering compliance) and Patelco Credit Union's policies and procedures.

Qualifications

- Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related technical discipline, or equivalent experience
- 10+ years of experience in enterprise technology with 7+ years focused on information security engineering
- 5+ years of hands-on experience designing and implementing security architectures for hybrid cloud environments
- 3+ years of experience leading Application Security or DevSecOps programs with SAST/DAST/SCA implementations
- Demonstrated expertise across multiple security domains: Cloud Security, Application Security, Network Security, Endpoint Security, Identity and Access Management
- Proven experience with Infrastructure as Code security and DevSecOps pipeline integration
- Strong proficiency in scripting and automation (Python, PowerShell, Bash, or similar)
- Hands-on experience with threat modeling and security architecture design
- Deep experience with vulnerability management platforms and risk assessment methodologies
- Experience with security automation and SOAR platforms
- Knowledge of detection engineering principles and the MITRE ATT&CK framework
- Experience in regulated industries such as financial services required
- Professional security certifications required (one or more of the following): CISSP (Certified Information Systems Security Professional), CCSP (Certified Cloud Security Professional), CISM (Certified Information Security Manager), GIAC certifications (GIAC Security Expert preferred)
- Additional certifications preferred: cloud provider security certifications (AWS Certified Security Specialty, Azure Security Engineer, Google Cloud Security Engineer), OSCP (Offensive Security Certified Professional), CSSLP (Certified Secure Software Lifecycle Professional)
- Strong understanding of security frameworks: NIST CSF, CIS Controls, ISO 27001, NIST 800-53
- Understanding of FFIEC IT Examination Handbooks and financial services regulatory requirements
- Demonstrated success leading complex security platform implementations or transformations
- Proven ability to mentor engineers and drive technical excellence across teams
- This is a hybrid position located at the Dublin HQ
- May require occasional travel for conferences, training, or vendor meetings

Target Base Pay

$165,255 /year

Compensation at Patelco

Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.

We Offer

Physical Health:

- Exceptional Medical, Dental, Vision, and Life Insurance benefits
- Onsite fitness center at HQ and rewards for completing wellness-related activities

Financial Health:

- Competitive compensation packages with bonus opportunity
- 401(k) with 3% Safe Harbor and 5% employer match
- Discounts on loan products
- Tuition reimbursement

Emotional Health:

- Employee Assistance Program (EAP)
- PTO for part-time and full-time positions
- Paid holidays

Personal Development:

- On-the-job training and skills development
- Internal transfer opportunities for career growth
- Volunteer work

Flexible work arrangements available for specific positions

Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans
