Job Closed

This listing is no longer active.

Highway.ai logo
Highway.ai

Industry-leading data-powered solutions for real estate professionals. Parent company of MBS Highway, ListReports, & CMA

Director of Security and Infrastructure

Security EngineerSecurity EngineerFull TimeRemoteLeadTeam 51-200H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

106 days ago

Salary

$140K - $160K / year

Seniority

Lead

Bachelor Degree7 yrs expEnglishAWSTerraform

Job Description

Director of Security and Infrastructure

Highway.ai

• The Director of Security & Infrastructure is a hands-on technical leadership role responsible for maintaining a robust security posture and reliable infrastructure operations across Highway's technology platform. • This role owns the security of our application, AWS environment, and endpoints while ensuring the performance, scalability, and availability of our infrastructure. • You'll work closely with the VP of Engineering and senior engineering team to embed security into development practices and maintain operational excellence. • This is not a pure policy or compliance role - we need someone who can architect solutions, configure tools, and respond to incidents while also building frameworks and processes that scale with our growth.

Job Requirements

  • 5-7+ years in security engineering, infrastructure operations, or similar technical roles
  • Hands-on AWS experience - you should be comfortable configuring security groups, IAM policies, CloudWatch, and other AWS services
  • Security expertise across application security, network security, and endpoint protection
  • Infrastructure operations background - you've managed production systems and understand reliability, monitoring, and incident response
  • Proven ability to balance security with business needs - you know when to say "no" and when to find pragmatic solutions
  • Strong communication skills - you can explain technical security concepts to non-technical stakeholders
  • Self-directed and comfortable with ambiguity - you can prioritize and execute without constant direction
  • Experience in SaaS or financial services environments (preferred)
  • Relevant certifications (CISSP, AWS Security Specialty, CEH, OSCP) (preferred)
  • Familiarity with security frameworks (NIST, OWASP) (preferred)
  • Experience with infrastructure-as-code (Terraform, CloudFormation) (preferred)
  • Background in DevSecOps practices (preferred)
  • Experience preparing for or maintaining security certifications (SOC 2, ISO 27001) (preferred)
  • Mortgage or fintech industry background (preferred)
  • Prior experience at a company in the 50-150 employee range (preferred)

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam 501-1,000Since 1916H1B No Sponsor

• The Security Engineer manages Information Technology security protections with the goal of protecting PPFA from and reducing the impact of security incidents and system compromises for the organization. • This position provides security monitoring, event investigation and analysis, and countermeasure proposals on a 24x7 basis along with providing support and guidance to Tier I Analysts, will provide technical assistance for Tier II & III incidents as assigned, and is responsible to directly interface with the InfoSec Operations Team, Managed Security Service Provider (MSSP) and IT Managed Service Provider (MSP) as it relates to security event architecture, collection, management, reporting, and alerting within PPFA’s SIEM Platforms. • The Security Engineer will engage with InfoSecOps, InfoSec, ITOps/MSP, the MSSP, ATS and staff within both PPFA and Affiliates. • The Security Engineer will deliver by identifying, implementing, and maintaining Information Security toolsets, primarily focused on SIEM, to protect the organization; interfacing with IT Ops to ensure proper security event logging setup; and, where applicable, supporting the Information Security SIEM management needs of PPFA and Affiliates. • Act as a Subject Matter Expert for PPFA’s SIEM (currently Splunk) and be able to configure, manage, operate, and administer the platform from a managed SIEM perspective. • SIEM Security Monitoring – Provide security monitoring and threat/risk analysis in a 24/7 environment. • SIEM Event Filtering – Monitor & ensure established processes for event identification are followed, and, where required, make recommendations for new or refined event filtering, ensuring all updates are completed. • SIEM Event Investigation & Assignment – Monitor & ensure established processes are followed for collecting relevant data and performing the necessary levels of analysis on that data. Ensure events are assigned appropriately. • Tier II Event Escalations - Follow an established process for handling Tier II escalations, identifying the source of the escalation (MSSP, MSP, Affiliate, or other) and the appropriate triage and documentation processes. • Creating and maintaining Standard Operating Procedures (SOPs) for the Information Security Ops group, and providing recommendations on security process improvements. • Support and engage on complex security tool-specific tasks with the assistance and guidance of management, vendor & MSSP resources. • Assist in Vulnerability Assessments setup, scanning, analysis, and remediations, working with IT Ops staff and corporate vendors as needed in correcting errors and alerts as found with the IT infrastructure systems. • Assist in IR incidents as assigned by management. • All other duties as assigned.

United States
$125K - $130K / year
Job Closed
Relay logo

Security Engineer

Relay

Go anywhere onchain, instantly. Relay makes it easy to move money across any blockchain with a powerful API + App.

Security Engineer106 days ago
Full TimeRemoteTeam 11-50H1B Sponsor

• Own Relay's security posture • Lead threat modeling, vulnerability management, access controls, and dependency auditing • Map Relay's attack surface and document gaps • Harden CI/CD pipelines, secrets management, and least-privilege access • Build and maintain observability • Instrument monitoring, alerting, and dashboards that give the team real-time visibility into Relay's health • Define and enforce SLOs by setting availability and performance targets, and drive the team to meet them • Lead incident response • Own the incident response process end to end: triage when things break, run postmortems, and make sure the same issue doesn't happen twice • Drive compliance readiness • Prepare Relay for customer security reviews and formal certifications (SOC 2, etc.) • Embed security and reliability practices into team culture as we grow

New York
$220K - $250K / year
Job Closed
Arcadia logo

Senior Engineer, Security – AppSec

Arcadia

We transform data into powerful insights that deliver results.

Security Engineer106 days ago
Full TimeRemoteTeam 201-500Since 2002H1B Sponsor

• Design, implement, and maintain application security controls across Arcadia’s cloud-native SaaS platform • Partner with Product and Engineering teams to embed security into system design, development workflows, and CI/CD pipelines • Conduct threat modeling, architecture reviews, and secure design assessments for new and existing services • Own and improve vulnerability management processes, including identification, prioritization, and remediation tracking • Implement and maintain security tooling such as SAST, DAST, dependency scanning, container scanning, and secrets detection • Participate in security incident response activities including detection, investigation, containment, and remediation • Monitor and analyze logs, alerts, and security events to identify suspicious activity and emerging threats • Contribute to detection engineering by tuning alerts, improving signal quality, and reducing noise • Support threat intelligence analysis and apply insights to improve preventive and detective controls • Perform post-incident analysis and recommend technical and process improvements • Build security-as-code solutions to automate control enforcement, validation, and remediation • Use scripting and automation to reduce manual effort and improve consistency • Support secure AWS architecture using services such as EKS, ECS, Lambda, IAM, and VPC • Contribute to identity and access management best practices across AWS, Okta/Auth0, and SaaS platforms • Translate compliance requirements (e.g., SOC 2, ISO 27001, HITRUST, HIPAA) into practical technical controls • Partner with Security Assurance to support audits, evidence collection, and continuous control monitoring • Help identify and remediate security risks discovered through assessments, audits, or incidents

United States
$140K - $175K / year
Doyensec logo

Application Security Intern

Doyensec

We work at the intersection of software development and offensive engineering to help companies craft secure code.

Security Engineer106 days ago
InternshipRemoteTeam 11-50Since 2017H1B No Sponsor

• Perform professional security testing for both startups and Fortune 500 companies • Engage in cutting-edge offensive security research, including tools development

United States