Job Title: Principal Security Engineer
Department: Information Security
Location: Hybrid (4 days onsite, 1 day remote)
About Acrisure
Acrisure is a global Fintech leader that combines the best of humans and high tech to offer multiple financial products and services to millions of businesses and individual clients. We connect clients to solutions that help them protect and grow what matters, including Insurance, Reinsurance, Cyber Services, Mortgage Origination and more.
Acrisure employs over 17,000 entrepreneurial colleagues in 21 countries and has grown from $38 million to $4.3 billion in revenue in just over ten years. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.
Job Summary:
We are seeking a highly experienced and motivated Principal Security Engineer to join our dynamic team. The ideal candidate will have between 10 to 25 years of experience in security engineering, DevSecOps, cryptography, identity provider (IdP) and federation authentication, secure coding best practices, and hands-on experience with audit, governance, risk, and compliance (GRC) frameworks.
This individual will work across multiple departments to design, implement, and manage security solutions that protect both internal and third party (vendor) systems and customer data. You will play a critical role in ensuring that security practices are aligned with compliance requirements while driving technical solutions for secure systems and data protection across the entire organization.
Responsibilities:
Security Engineering & Architecture: Must have expertise in designing, implementing, and maintaining security architectures across cloud, third-party, and on-premises environments, including evaluating and integrating emerging security technologies.
DevSecOps: Should possess deep knowledge of embedding security within CI/CD pipelines, establishing security standards, and conducting secure code reviews with development teams.
Cryptography: Must understand encryption technologies for securing data at rest and in transit, with experience managing cryptographic keys and ensuring compliance with industry standards.
Identity & Authentication: Requires knowledge of designing and managing secure identity solutions, including Single Sign-On (SSO), Identity Providers (IdPs), and federation protocols such as SAML, OAuth, and OpenID Connect.
Secure Coding: Should be proficient in secure coding practices, training teams, and developing standards to prevent vulnerabilities like injection flaws, XSS, and authentication issues.
Governance, Risk, & Compliance (GRC): Must have a strong grasp of GRC frameworks (e.g., NIST, ISO 27001) and experience in aligning technical controls with regulatory and audit requirements.
Threat Management: Requires expertise in performing risk assessments, threat modeling, vulnerability assessments, and mitigation planning to address security risks.
Incident Response & Monitoring: Should have knowledge of incident response strategies, SOC collaboration, and implementing continuous monitoring tools to ensure compliance and security standards.
Collaboration & Leadership: Must demonstrate the ability to work with cross-functional teams, mentor junior engineers, and act as a subject matter expert in security technologies, tools, and frameworks.
Requirements:
Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (GDPR, HIPAA, PCI-DSS).
Hands-on experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and penetration testing platforms.
Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.
Proficiency in programming languages (e.g., Python, Java, C++) and automation tools (e.g., Terraform, Ansible).
Strong knowledge of networking protocols, firewalls, VPNs, proxies, and security monitoring tools.
Education/Experience:
5+ years of relevant experience in security engineering and GRC-focused security solutions development.
Extensive hands-on experience in DevSecOps, integrating security in CI/CD pipelines, and supporting development teams in secure coding practices.
Proven expertise in cryptography, including encryption, key management, and digital signatures.
Strong background in identity provider (IdP) management and federated authentication solutions (SAML, OAuth, OpenID Connect).
Experience implementing technical controls and solutions that align with governance, risk, and compliance frameworks (e.g., NIST, ISO 27001, GDPR, HIPAA, PCI-DSS).
Certifications (preferred):
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
GIAC (Global Information Assurance Certification)
CEH (Certified Ethical Hacker)
CRISC (Certified in Risk and Information Systems Control)
Benefits & Perks:
Competitive Compensation
Industry Leading Healthcare
Savings and Investments
Charitable Giving Programs
Hybrid work option
Opportunities for Growth
Parental Leave
Generous time away
Acrisure is committed to making an impact in our communities by giving back, with millions committed to children's health with Helen Devos Children's Hospital and UPMC Children's Hospital of Pittsburgh.
For more, visit www.Acrisure.com.
Acrisure is committed to employing a diverse workforce. All applicants will be considered for employment without attention to race, color, religion, age, sex, sexual orientation, gender identity, national origin, veteran, or disability status. California residents can learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy available at www.Acrisure.com/privacy/caapplicant.
To Executive Search Firms & Staffing Agencies: Acrisure does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered Acrisure’s property, and Acrisure will not be obligated to pay a referral fee. This includes resumes submitted directly to Hiring Managers without contacting Acrisure’s Human Resources Talent Department.