Senior Information Security Engineer
Job Description
POSITION SUMMARY:
The Sr Information Security Engineer is responsible for designing, implementing, and continuously improving the technical security controls that protect internally developed applications, including cloud systems, containerized, and serverless workloads.
This role is a hands-on application security specialist who performs deep secure code reviews, leads threat modeling, and drives remediation of complex vulnerabilities across the SDLC.
Collaborating with other technical teams, this role ensures secure application development, deployment, and operation by assessing maturity, defining security requirements and guardrails, and delivering prioritized recommendations to improve pipeline controls, tooling, and integrations within the DevSecOps pipeline.
Key responsibilities include conducting application security assessments, guiding secure software development practices, and advancing the maturity of application security capabilities.
The Information Security Engineer partners with development, operations, and security teams to embed security into development practices and responds as a subject matter expert during application-related security incidents.
ACCOUNTABILITIES:
Application Security Engineering
• Perform secure code reviews for internally developed applications and services, identifying vulnerabilities, insecure patterns, and design flaws; provide clear remediation guidance and verification.
• Lead application security assessments across the SDLC, including design reviews, threat modeling, security requirements definition, and pre-release security sign-off criteria.
• Support driving vulnerability management for application findings by prioritizing risk, defining remediation plans, tracking progress, and validating fixes.
• Establish and maintain secure coding standards, reusable security patterns, and developer guidance for the organization; provide coaching and enablement to engineering teams.
• Perform security reviews of AI/ML solutions, including data ingestion pipelines, feature stores, model training workflows, model artifact handling, and inference/serving services.
• Define and validate guardrails for AI/ML features (input/output handling, access controls, content filtering, secret protection, environment separation)
• Work collaboratively with development, DevOps, QA, and infrastructure teams to integrate security controls into CI/CD pipelines and application architectures.
• Support the ongoing maturity of the Information Security program through focused process improvements.
• Maintain up-to-date knowledge of application security frameworks, DevSecOps methodologies, and relevant laws, regulations, and industry standards (e.g., OWASP, NIST, PCI DSS).
• Manage and remediate application vulnerabilities by guiding secure coding practices, code review, automated static/dynamic analysis, and penetration testing.
• Participate in the evaluation of vendor proposals, conduct proc...
- Rate: Not Specified
- Location: Minneapolis, US-MN
- Type: Permanent
- Industry: Finance
- Recruiter: Be The Match
- Contact: Not Specified
- Email: to view click here
- Reference: 1836
- Posted: 2026-02-12 07:38:33 -
- View all Jobs from Be The Match
More Jobs from Be The Match
- Yard Truck Driver
- Nightshift Forklift Operator
- Nightshift Saw Operator
- Technical Infrastructure Program Manager Senior
- Machine Tender III (D) - Cell Leader
- Stationary Engineer-II
- Junior Production Specialist
- Nutrition Lead
- Human Resources Business Partner
- Machine Tender (D)
- Surgical Services Business Analyst
- Registered Nurse (Birth Center)
- Clinical Documentation Specialist
- Registered Nurse (NICU)
- Area Sales Manager
- Physical Therapy Assistant
- Registered Nurse RN Case Manager
- Physical Therapy Assistant
- Physical Therapist
- Social Worker MSW