Director of Security and Infrastructure
Indexed description
Requirements
Security Architecture & Operations (60%)
- Design and implement security controls across our application, AWS infrastructure, and endpoints
- Conduct security assessments and penetration testing (or coordinate with external partners)
- Monitor security tools and respond to alerts, incidents, and potential threats
- Define and enforce security policies for code, infrastructure, and data access
- Manage security tooling (SIEM, vulnerability scanning, endpoint protection, etc.)
- Lead incident response efforts when security events occur
- Educate engineering and business teams on security best practices
- Evaluate and manage relationships with security vendors and consultants
- Ensure high availability and performance of AWS infrastructure
- Implement monitoring and alerting for system health and performance
- Own disaster recovery and business continuity planning
- Optimize infrastructure costs without compromising reliability or security
- Collaborate with engineering on infrastructure scaling and architecture decisions
- Manage infrastructure-as-code practices and configuration management
- Develop and maintain security roadmap aligned with business objectives
- Report on security posture and infrastructure health to CTO and executive team
- Stay current on emerging threats, technologies, and industry best practices
- Partner with engineering leadership on technical strategy and vendor selection
- Completed security audit of current state (application, AWS, endpoints)
- Established security monitoring and alerting baselines
- Implemented quick-win security improvements
- Built relationships with engineering team and understood current infrastructure
- Deployed key security tools and processes (vulnerability management, incident response)
- Reduced security and infrastructure incidents through proactive monitoring
- Created documentation for security policies and infrastructure architecture * Identified and begun addressing top 3-5 infrastructure risks
- Embedded security practices into development workflow (security reviews, automated scanning)
- Achieved measurable improvement in security posture
- Optimized infrastructure costs by 15-20% while improving reliability
- Built scalable security and infrastructure frameworks that support company growth
- 5-7+ years in security engineering, infrastructure operations, or similar technical roles
- Hands-on AWS experience - you should be comfortable configuring security groups, IAM policies, CloudWatch, and other AWS services
- Security expertise across application security, network security, and endpoint protection
- Infrastructure operations background - you've managed production systems and understand reliability, monitoring, and incident response
- Proven ability to balance security with business needs - you know when to say "no" and when to find pragmatic solutions
- Strong communication skills - you can explain technical security concepts to non-technical stakeholders
- Self-directed and comfortable with ambiguity - you can prioritize and execute without constant direction
- Experience in SaaS or financial services environments
- Relevant certifications (CISSP, AWS Security Specialty, CEH, OSCP)
- Familiarity with security frameworks (NIST, OWASP)
- Experience with infrastructure-as-code (Terraform, CloudFormation)
- Background in DevSecOps practices
- Experience preparing for or maintaining security certifications (SOC 2, ISO 27001)
- Mortgage or fintech industry background
- Prior experience at a company in the 50-150 employee range
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search