Principal Security Engineer

At TruStage, we’re on a mission to make a brighter financial future accessible to everyone.  We put people first, and work hand in hand with employees and customers to create a diverse and inclusive environment. Passionate about building insurance, investment and technology solutions, we push the boundaries of what’s possible. We need you to help us shape what’s next. You’ll be encouraged to share your experiences, ideas and skills to help others take control of their financial future.

Join a team that has received numerous awards for being a top place to work: TruStage awards and recognition

Job Description Summary

The Principal Security Engineer is a senior-level role responsible for leading the design, implementation, and management of security infrastructure strategies at TruStage. This individual will work collaboratively with our information security team and play a critical role in securing user access, protecting endpoints, and ensuring that the infrastructure aligns with security best practices and compliance requirements. The ideal candidate will have deep technical and hands-on expertise in IAM, endpoint protection, vulnerability management and other enterprise-level security engineering areas; capable of driving both technical and strategic initiatives.

Job Responsibilities:
List of general activities, duties and/or tasks typically performed within the job.

Identity and Access Management (IAM)

• Design, implement, and manage TruStage’s IAM infrastructure, ensuring secure and streamlined access to systems and applications.
• Lead the development and management of user provisioning, authentication, and authorization services (e.g., SSO, MFA, RBAC, PAM).
• Collaborate with internal teams to define and enforce least-privilege access, segregation of duties, and lifecycle management of user identities.
• Evaluate and implement IAM solutions and technologies, including cloud-based identity platforms (e.g., Okta).
• Regularly audit and assess IAM processes to ensure compliance with regulatory requirements and internal policies.

Endpoint Security and Vulnerability Management

• Develop and oversee the endpoint security strategy, including the selection, implementation, and management of our endpoint protection platforms (EPP) and endpoint detection and response (EDR)
• Ensure robust monitoring and protection of all endpoints against malware, ransomware, phishing, and other threats.
• Ensure endpoint security tools are properly configured, updated, and integrated with other security systems.
• Lead initiatives for patch management, vulnerability scanning, and automated remediation of endpoint threats.
• Drive efforts to improve our security posture through regular assessments, audits, and the implementation of advanced protection features such as encryption and data loss prevention (DLP).

Leadership and Collaboration

• Act as the subject matter expert in IAM, endpoint security, vulnerability management, CASB, and PKI providing guidance and mentorship to other security engineers and IT staff.
• Collaborate with cross-functional teams including Infosec, AppDev, and business units to ensure alignment of IAM and endpoint security controls with overall security objectives.
• Lead incident response activities related to identity breaches or endpoint compromises, providing technical leadership in incident triage, containment, and remediation.
• Participate in security architecture reviews and threat modeling to identify risks and enforce best security practices in the design and deployment of systems.

Governance, Risk, and Compliance

• Ensure security processes across IAM, endpoint security, vulnerability management, and cloud services comply with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
• Develop and maintain security policies, procedures, and playbooks.
• Conduct periodic security assessments and audits to identify gaps and ensure continuous improvement of security practices.
• Provide input and recommendations to the broader security strategy and TruStage’s risk management framework.

Innovation & Continuous Improvement

• Stay current with emerging security threats, trends, and technologies.
• Research and recommend new tools and solutions to enhance our security posture.
• Lead efforts to automate and streamline security processes to improve efficiency and reduce risk.

The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.

Job Requirements:

List of general education, background and experience, knowledge, skills, and abilities typically required to effectively perform the responsibilities of the job. Also include any required licenses and/or designations.

• Bachelor’s degree in computer science, information security, or related field, or equivalent combination of education and/or related professional work experience.
• 10+ years of experience in security engineering.
• Expertise in IAM technologies, such as SSO, MFA, RBAC, and PAM, with hands-on experience in platforms like Okta, Azure AD.
• Strong experience with endpoint security tools such as EPP, EDR and DLP.
• In-depth experience with vulnerability management tools and techniques.
• In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS) and regulatory compliance requirements.
• Proven track record of securing identities and endpoints in cloud and on-premises environments.
• Preferred:
  • Certifications such as CISSP, CISM or equivalent.
  • Familiarity with Zero Trust Architecture principles.
  • Experience with securing endpoints in a remote or hybrid work environment.

#LI-SW

#LI-Remote

If you’re ready to help make a difference, apply today. Please provide your Work Experience and Education or attach a copy of your resume.  Applications received without this information may be removed from consideration.

Compensation may vary based on the job level, your geographic work location, position incentive plan and exemption status.

Base Salary Range:

At TruStageTM, we believe a sound, inclusive benefits program is of vital importance, along with a flexible workplace that allows for work-life balance, career growth and retirement assistance. In addition to your base pay, your position may be eligible for an annual incentive (bonus) plan.  Additional benefits available to eligible employees include medical, dental, vision, employee assistance program, life insurance, disability plans, parental leave, paid time off, 401k, and tuition reimbursement, just to name a few. Beyond pay and benefits, we also recognize that flexibility, including working in a place you prefer, is essential to caring for our employees.  We will continue to strive to offer flexibility and invest in technology and other tools that will make hybrid working normal rather than an exception, so that when “life happens,” you can focus on what’s most important.

Accommodation request

TruStage is a place where everyone can bring their best self and thrive. If you need application or interview process accommodations, please contact the accessibility department.