
Sr. Risk Engineer - Req #155

COCC
3.2(71)
👥501-1000
Product/Program/Architecture/Operations
Rocky Hill, CT
$83k - $122k
2 months ago
🤖 AI-First, 🛠️ Cursor-friendly, 💻 Open Source

Mentions vibe-coding familiarity: expects ability to read and understand scripting/automation (Python/Perl/PowerShell) even if written in vibe-style code.

About the Role

Senior Risk Engineer responsible for shaping and enforcing the organization's security posture by designing policies, ensuring compliance, and leading vulnerability management efforts. The role partners with IT, engineering, and business units to assess risks, remediate vulnerabilities, and coach junior staff to improve corporate security practices.

Job Description

Role

Senior Risk Engineer responsible for defining and enforcing security standards, validating compliance with regulatory frameworks, and strengthening the vulnerability management program. The role is highly collaborative and visible across IT, security engineering, software development, and business units.

Key Responsibilities

  • Create, refine, and enforce security standards and procedures across the organization.
  • Monitor and validate adherence to regulatory frameworks, industry standards, and internal policies; identify control weaknesses and compliance issues.
  • Use security tools to identify, assess, and assist in remediation of vulnerabilities across infrastructure and applications.
  • Partner with IT, security engineering, development, and business teams to embed security into projects and processes.
  • Evaluate emerging threats, analyze system risks, and recommend mitigation strategies.
  • Participate in regulatory reviews, generate reports, execute third-party security reviews, and work with Internal Audit.
  • Perform system reviews for network devices, web applications, and operating systems ensuring compliance with CIS standards.
  • Work independently, make judgment calls as needed, and coach/mentor junior engineers and analysts.

Requirements

  • Bachelor’s degree in IT/IS or equivalent hands-on experience.
  • 5–7 years in information security, risk engineering, or related fields.
  • Industry-recognized certifications such as SecurityX, GSEC, or CISSP.
  • Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7) and SIEM platforms.
  • Knowledge of compliance frameworks and standards (NIST, SOC 2) and familiarity with FFIEC guidelines.
  • Ability to assess complex systems, identify risks, and propose actionable solutions.
  • Strong communication skills with the ability to influence stakeholders and present findings to leadership.
  • Scripting and automation capability in Python, Perl, or PowerShell; familiarity with Ansible, Terraform, or n8n is a plus.
  • General knowledge of routing/switching, network security, and operating systems (Windows, Linux, macOS).
  • Experience with cloud and container environments and familiarity with CI/CD security controls and container compliance.

Benefits

  • Hybrid work schedule and ample paid time off
  • Customized training and onboarding; access to training from SANS, PluralSight, and CBTNuggets
  • Robust employee development programs and one-on-one career coaching
  • Generous PTO, tuition reimbursement, and competitive compensation
  • On-site fitness centers, wellness incentives, and lifestyle spending accounts
  • DEIB initiatives, financial planning assistance, and peer recognition programs

Additional Notes

  • Position requires US work authorization without sponsorship.
  • Pre-employment credit, background, and substance tests are required.

Tech Stack

Qualys, Tenable, Rapid7, SIEM platforms, NIST, SOC 2, FFIEC, CIS, Python, Perl, PowerShell, Ansible, Terraform, n8n, Windows, Linux, macOS, Cloud, Container environments, CI/CD, SANS, PluralSight, CBTNuggets

Skills

Security Policy Design, Compliance, Vulnerability Management, Risk Assessment, Threat Analysis, Security Tooling, Regulatory Review, Audit and Reporting, Scripting and Automation, Mentoring and Coaching, Stakeholder Communication, Network Security, Cloud Security, Container Security, CI/CD Security Controls, Analytical Thinking, Project Collaboration

Experience Level

Senior

Salary

USD 83,640 - 122,400/year

Employment Type

Full-time

Benefits

  • Hybrid schedule
  • Paid time off (PTO)
  • Customized training and onboarding
  • Employee development programs
  • Training from SANS, PluralSight, CBTNuggets
  • Generous PTO
  • On-site fitness centers
  • Wellness incentives
  • Lifestyle spending accounts
  • Tuition reimbursement
  • One-on-one career coaching
  • DEIB initiatives
  • Financial planning assistance
  • Peer recognition programs
  • Competitive compensation