Sr. Information Security Engineer (Redwood City, CA)
*** We do not sponsor employment/work visas at this time. If you need sponsorship now or in the future, unfortunately, your application will not be considered. ***
Summary:
Under the supervision of the AVP of Information Security, the Senior Information Security Engineer is responsible for implementing, supporting and maintaining robust security controls across cloud and enterprise environments, with a strong focus on Azure cloud security. This role ensures the protection of sensitive data through proactive monitoring, identity and access management, encryption, and compliance enforcement. The engineer collaborates closely with development teams to embed security into application and API lifecycles, leveraging secure coding practices, vulnerability assessments, and modern DevSecOps tools. Additionally, the role supports third-party risk management, internal and external audits, and contributes to the organization’s defense against emerging threats, including those related to AI technologies.
Why Provident?
Provident Credit Union was established in 1950 and we rank among the top 10% of credit unions in the US. We believe having a culture that is accepting, supportive, diverse, and inclusive makes us all better. Provident has been a Bay Area “Top Workplace” since 2017, and our employees rank us on Glassdoor as one of the best credit unions in the nation.
Our values are:
- Listen
- Get Better
- Do What’s Right
Essential Functions
- Implement and monitor Azure cloud security controls, including identity management, data encryption, and compliance configurations, in alignment with defined architectural standards and best practices.
- Ensure the integrity of data security operations by proactively monitoring access to sensitive information, detecting anomalous behavior, and enforcing security policies across digital environments.
- Collaborate with development teams to ensure application and API security through secure coding, vulnerability assessments, and security testing using AI tools, CI/CD pipelines, Azure DevOps, and API management, while aligning with OWASP, NIST, and other relevant compliance standards.
- Perform vendor security due diligence by assessing third-party risk, reviewing security documentation, and verifying alignment with organizational policies and regulatory compliance requirements.
- Support internal and external security assessments and audits by conducting risk evaluations, facilitating evidence collection, and assisting with remediation efforts to ensure compliance and continuous improvement.
- Understanding of AI-related security threats and strategies for effective mitigation.
- Experience managing and supporting security event logging and monitoring via a SIEM platform, including configuring data connectors, analyzing alerts, and responding to incidents in accordance with security policies, is nice to have.
- Familiarity with micro-segmentation concepts and practices.
- Participate in the planning and implementation of policies and procedures to ensure system provisioning and maintenance is consistent with company goals, industry best practices and regulatory requirements.
- Follow change management procedures to implement, troubleshoot, and support security-related software and system updates, including patches and reconfigurations.
- Adhere to technology maintenance schedules based on business operations and requirements.
- Apply change management protocols to implement, troubleshoot, and support security-related software and system updates, including patching and reconfiguration tasks.
- Follow established standards while identifying and implementing automation opportunities and operational efficiencies in daily workflows.
- Actively participate on project teams created to meet short- and long-term goals.
- Participate in monthly on-call rotation.
- Performs other duties as assigned.
- Excellent listening and speaking skills.
- Excellent written communication skills.
- Complete required BSA & OFAC training annually, and consistently adhere to related policies and procedures.