Arch Capital Group Ltd. is self-described as a global leader in insurance, reinsurance, and mortgage insurance solutions. The company leverages its unique under
Senior Security Engineer – North Carolina, Florida, South Carolina Preferred
Location
Florida + 2 moreAll locations: Florida | North Carolina | South Carolina
Posted
15 days ago
Salary
0
Seniority
Senior
Job Description
Senior Security Engineer – North Carolina, Florida, South Carolina Preferred
Arch Capital Group Ltd.
• Design, build, and deploy agentic AI workflows and intelligent autonomous playbooks to automate Tier-1/2 alert triage, context enrichment, and incident response. • Develop and tune complex detection logic across SIEM, EDR/XDR, and cloud platforms, focusing on behavioral analytics and anomaly detection. • Utilize Python to build custom security tools, integrate disparate security APIs, and maintain high-quality, reusable codebases for security orchestration (SOAR). • Lead threat hunting initiatives and serve as a Tier-3 escalation resource for complex, high-severity security incidents. • Analyze attacker tactics, techniques, and procedures (TTPs) to map coverage against the MITRE ATT&CK framework and proactively close gaps. • Secure cloud environments (AWS, Azure, or GCP), with a specific focus on auditing, monitoring, and protecting production AI/LLM pipelines and workloads. • Mentor junior team members, conduct code reviews for automation scripts, and promote robust software engineering best practices within the security team.
Job Requirements
- 7 + years of cybersecurity experience with a focus on security or detection engineering
- 3 + years in a Sr. Security Engineer role
- Deep technical knowledge of incident response, threat hunting, and adversary TTPs.
- Experience implementing and managing detection logic across enterprise SIEM, EDR/XDR, or cloud-native security tools.
- Experience securing and monitoring cloud infrastructure (AWS, Azure, or GCP).
- Demonstrated experience building functional tools in Python/Powershell, interacting with REST APIs, and writing clean, structured code (experience with Git and CI/CD pipelines preferred).
- Bachelor’s degree in Computer Science, Cybersecurity, or Engineering.
- Practical understanding of building or implementing LLM-based agents, prompt engineering, and integrating AI models into automated workflows and custom API integrations.
- Familiarity with AI/LLM-specific security vulnerabilities (e.g., OWASP Top 10 for LLMs, prompt injection, data poisoning, model evasion).
- Experience with SIEM, EDR/XDR, SOAR, or identity security platforms
- Advanced certifications (e.g., CISSP, GIAC GCIA/GCIH, or cloud security certifications).
- Master’s degree in Computer Science, Cybersecurity, IT Management with an emphasis on AI/Automation.
Benefits
- multiple medical plans plus dental, vision and prescription drug coverage
- competitive 401k with generous matching
- PTO beginning at 20 days per year
- up to 12 paid company holidays per year plus 2 paid days of Volunteer Time Off
- basic Life and AD&D Insurance
- Short and Long-Term Disability
- Paid Parental Leave of up to 10 weeks
- Student Loan Assistance and Tuition Reimbursement
- Backup Child and Elder Care
- and more
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Cyber Security Engineer
LTSLTS, a multi-ISO/CMMI Level 3 award-winning company, delivers first-class secure software lifecycle development, IT systems integration, program management, and
• Support cybersecurity engineering for the pilot, including cloud security, RMF/ATO support, compliance documentation, and continuous monitoring. • Secure AWS-based environments through identity and access management, encryption, logging, monitoring, network security, vulnerability management, and configuration hardening. • Configure, monitor, and support AWS security services such as AWS Network Firewall, Security Hub, GuardDuty, CloudWatch, CloudTrail, Inspector, and related capabilities. • Support security planning for an AWS Commercial Cloud environment with consideration for future migration to AWS GovCloud or another VA-approved hosting environment. • Assist with ATO planning, control implementation, evidence collection, compliance reporting, and approval workflows. • Work within eMASS, ServiceNow GRC, or similar risk management systems to support ATO artifacts, information assurance tasking, POA&M tracking, and security documentation. • Develop and maintain SSPs, POA&Ms, SOPs, risk assessments, control narratives, security diagrams, and remediation plans. • Support vulnerability assessments, DISA STIG hardening, configuration compliance reviews, remediation tracking, and audit readiness activities. • Integrate security requirements into architecture, sprint planning, CI/CD processes, testing, and deployment readiness. • Support security reviews for VIA platform capabilities, including data handling, access control, auditability, secure integration, and AI-enabled modernization workflows. • Collaborate with technical and non-technical stakeholders to translate security requirements into practical engineering, documentation, and compliance actions.
Cyber Security SME
9th Way InsigniaServing the federal government with courage, integrity, and excellence.
• Provide expert cybersecurity guidance across enterprise systems, cloud environments, applications, networks, and mission platforms. • Lead the development and implementation of innovative cyber defense strategies that improve detection, prevention, response, and recovery capabilities. • Assess current cyber defense posture and recommend practical, scalable improvements aligned with mission, business, and regulatory requirements. • Design and support implementation of layered defense models, including Zero Trust, endpoint protection, identity-based security, network segmentation, encryption, threat monitoring, and secure cloud controls. • Evaluate emerging cybersecurity technologies, tools, and methodologies to determine applicability, maturity, risk, and operational value. • Support development of cybersecurity roadmaps, implementation plans, maturity models, and modernization strategies. • Advise leadership on cyber risk, threat trends, security gaps, mitigation strategies, and investment priorities. • Collaborate with technical teams, program managers, architects, engineers, system owners, and business stakeholders to integrate security into planning, development, operations, and sustainment activities. • Support security assessments, risk assessments, authorization activities, audits, and compliance reviews. • Provide expertise in federal cybersecurity frameworks and standards, including NIST, RMF, FISMA, FedRAMP, CMMC, CIS Controls, and Zero Trust guidance. • Recommend automation, analytics, artificial intelligence, machine learning, and security orchestration approaches to improve cyber defense effectiveness. • Support incident response planning, tabletop exercises, root cause analysis, and lessons-learned activities. • Develop cybersecurity policies, procedures, playbooks, technical guidance, briefings, and executive-level decision materials. • Mentor junior and mid-level cybersecurity staff and promote knowledge sharing across technical teams. • Identify opportunities to reduce risk, improve efficiency, strengthen resilience, and advance the organization’s cyber maturity. • This position may perform other duties as assigned. The responsibilities listed above are representative and not intended to be all-inclusive.
Cybersecurity Engineer – AI Risk and Governance
Vantage Data CentersExperience | Scalability | Efficiency By Design
• Perform technical security testing and reviews of AI‑enabled applications, agents, and workflows • Implement approved security architecture patterns for AI, ML, and LLM systems across cloud, hybrid, on‑prem, and OT‑adjacent environments • Engineer secure inference paths, APIs, service identities, authentication flows, and segmentation boundaries aligned with least privilege and zero trust principles • Implement technical safeguards to mitigate prompt injection, unauthorized context expansion, data leakage, hallucination risk, and unsafe output handling • Configure and maintain controls for limiting, monitoring, logging, and managing AI usage across platforms, models, and agents • Implement and validate technical controls supporting model explainability, traceability, and output validation where AI impacts operational, workforce, safety, or compliance decisions • Review and validate LLM usage patterns, including prompt design, retrieval‑augmented generation (RAG), context window constraints, and output handling mechanisms • Implement controls preventing unauthorized external model training, reuse, or retention of enterprise data by third‑party AI platforms • Validate encryption, access logging, retention, and deletion controls for data ingested, processed, or generated by AI systems • Execute AI‑specific threat modeling activities and contribute findings to enterprise and OT cybersecurity risk assessments • Ensure AI systems produce security telemetry, logs, and audit trails sufficient to detect misuse, drift, policy violations, or anomalous behavior • Integrate AI security signals into SOC, SIEM, and incident response tooling and workflows • Support investigation and response to AI‑related incidents, including data exposure, model failure, unsafe outputs, or control breakdowns • Conduct technical security reviews of vendor‑provided and embedded AI capabilities, assessing model behavior, data handling, and control alignment • Enforce approved security requirements for AI vendors and prevent activation of AI features without required security validation and governance approval • Drive alignment with ISO 42001 and related AI governance standards across applicable teams
• Triage, investigate, and respond to alerts across the SOC queue, hitting SLAs and following playbooks • Lead incident investigations, gather evidence, correlate events, and coordinate containment and recovery • Build and tune AI-assisted and agentic workflows across SIEM, SOAR, and EDR, including Claude via API • Engineer detection content: rules, queries, and alert tuning mapped to MITRE ATT&CK • Write and maintain SOAR playbooks and automation scripts that cut manual toil and accelerate response • Hunt for threats proactively, forming and testing hypotheses against current adversary TTPs • Maintain the SOC technology stack: integrations, health, and content engineering across all platforms • Keep SOX and SOC 2 Type 2 audit-ready evidence: logging coverage, incident records, and procedures • Partner with IT, Cloud, Risk, and Compliance to embed telemetry and surface findings clearly


