Jobs · Information Technology · California

Senior Information Security Engineer

Orange County's Credit Union · South Santa Ana, CA · 2 wk ago
Information Technology$109k–$136k/yrFull-time

About the role

Join Orange County’s Federal Credit Union as a Senior Information Security Engineer—a key, high-impact role responsible for strengthening the confidentiality, integrity, and availability of our critical systems across on-prem and cloud environments.

Responsibilities

  • Lead complex risk, vulnerability, and purple-team assessments to identify, validate, and remediate threats.
  • Architect secure network, application, data, and cloud environments—covering AWS, Azure, DevSecOps pipelines, and enterprise platforms.
  • Drive implementation of security tooling, automation frameworks, EDR/XDR, SIEM, SOAR, and secure configuration baselines.
  • Partner with Engineering, Infrastructure, and external vendors to design and validate secure solutions.
  • Serve on the Cybersecurity Incident Response Team, leading investigations and post-incident improvements.
  • Create and maintain security policies, training, and best practices, mentoring teams on zero-trust and security-by-design principles.
  • Designs, develops, and documents: (1) network security architecture and baseline configuration standards for firewalls, routers, switches, load balancers, and related network appliances; (2) device security architecture and baseline configuration standards for servers, workstations and mobile devices; (3) application and data security architecture and baseline configuration standards for databases and enterprise applications; and (4) cloud platform security architecture and baseline configuration standards for AWS and Microsoft Azure services.
  • Provide expert guidance in areas such as vendor risk, cloud security, secure coding, and application security.
  • Conducts and leads purple team risk and vulnerability assessments against systems and processes to ensure appropriate controls are in place, and recommends and implements controls to remediate risk findings.

Requirements

  • Bachelor’s Degree in Computer Science, Information Security, Information Assurance, or related technology field.
  • 7+ years of hands-on experience in enterprise information/cyber security and IT risk management.
  • 3+ years of deep expertise in AWS and Azure security, cloud-native tools, and modern security architectures.
  • Strong background in threat modeling, network security, vulnerability management, automation, and secure engineering practices.
  • Experience with industry frameworks such as NIST, CIS, PCI DSS, FFIEC.
  • Proven experience with regulations, policies, standards and framework pertaining to information and cyber security including PCI DSS standards, FFIEC guidelines on cybersecurity, CIS/NIST framework.
  • Proven experience with secure coding standards and best practices; SAST/DAST/IAST tooling; API security; and integration of security controls into CI/CD pipelines (DevSecOps).
  • Proven experience with virtualization and container technologies, such as VMware, Citrix Xen, Docker, or Kubernetes.
  • At least one relevant certification (CISSP, GIAC, Security+, AWS Security – Specialty, Azure Security Engineer, etc.).
  • Ability to influence, partner cross-functionally, and operate under urgency with sound judgment.

Qualifications

  • California residency and living within a 50-mile commute of our headquarters in Santa Ana.

Skills

  • Threat modeling
  • Vulnerability management
  • Automation
  • Secure engineering practices
  • Industry frameworks (NIST, CIS, PCI DSS, FFIEC)
  • Secure coding standards
  • Virtualization and container technologies (VMware, Citrix Xen, Docker, Kubernetes)
  • Relevant certifications (CISSP, GIAC, Security+, AWS Security – Specialty, Azure Security Engineer, etc.)

Pay

The targeted annual salary range is $108,895 to $136,000. Final offer will be determined based on experience, education, training/certifications and specialized skills.

Schedule

This position is currently hybrid-eligible, with the expectation of three days pre-assigned on-site attendance.

Similar jobs