Sr. Information Security Engineer - DevSecOps

Sr Information Security Engineer
The Senior Information Security Engineer conducts network and software vulnerability assessments and testing by utilizing reverse engineering techniques. This job tests the current state of the information security architecture and provides improvement recommendations by gathering key insights found from testing and analyzing the current systems and networks. This job also evaluates system security configurations and performs root cause analysis to determine how to provide optimal IT security for the organization.

Key Responsibilities and Duties

• Executes vulnerability analysis and exploitation of applications, operating systems and networks.
• Identifies intrusion or incident path or method through testing and evaluation procedures.
• Contributes to the design, development and implementation of countermeasures, systems integration and tools specific to cyber and information operations.
• Resolves complex malware and intrusion issues within the system as they occur.
• Monitors industry security updates, technologies and practices on a continual basis to improve overall security management.
• Serves as an internal information security consultant on the standards, complex issues and best practices for the organization.
• Performs testing and analysis of complex software systems to determine both the functionality and intent of the systems.
• Builds and maintains operational and configuration documentation and creates and maintains diagrams.
• Works with Cybersecurity Risk and Security Operation teams to enhance the overall security posture of the enterprise.

Minimum Qualifications

• 3 years of experience in cybersecurity for a mid-large sized organization
• Direct experience with vulnerability scanning tools, including:
  • Baseline scan design and troubleshooting
  • Database scanning (Postgres, Oracle, or similar)

Preferred Qualifications

• 5+ years of experience providing cybersecurity solutions in an enterprise environment
• Previous experience owning or administering tools for SAST, DAST and Attack Surface Management
• Experience designing or operating CVSS-agnostic or augmented risk scoring models
• Ability to translate vulnerability data into executive-level metrics and KRIs
• Experience owning and maintaining procedure documentation, runbooks, and operational standards
• Comfort operating in regulated environments
• Experience supporting audits, exams, or regulatory reviews (FFIEC, OCC, SOX, or similar)
• Experience automating vulnerability workflows and reporting (PowerShell, Python, APIs, or vendor scripting)

Educational Requirements

• University (Degree) Preferred

Physical Requirements

• Physical Requirements: Sedentary Work

Career Level
7IC

Posting end date - 5/26/26