Job Summary: The Managing Director, Security Principal is Trimont's senior technical leader for security. Reporting to the Chief Security Officer (CSO), this role owns the technical depth behind the security program: architecting solutions, evaluating vendor technology, and building custom tooling, including AI-assisted and agentic automation, where commercial products fall short.
This is a hands-on engineering and architecture role with no direct reports. The Security Principal partners closely with the CSO, Chief Technology Officer (CTO), the Security Operations Center as a Service (SOCaaS) provider, and internal engineering teams to translate strategy into working, defensible systems.
Responsibilities:- Serve as the senior technical authority for Trimont's security program, setting architecture standards and technical direction across identity, network, cloud, application, and data security domains.
- Lead build vs. buy decisions by evaluating vendor solutions and designing/building custom integrations or platforms where commercial products do not meet requirements.
- Design, build, and operate AI-assisted and agentic automation for security operations, including alert triage, vulnerability management, and compliance evidence collection, with appropriate human oversight.
- Own technical architecture and integration strategy for core security platforms (SIEM, IAM/SSO/MFA, DLP, EDR, vulnerability management).
- Architect and scale secure software development lifecycle (SDLC) practices by integrating automated security controls into DevOps pipelines.
- Act as a senior technical escalation point during security incidents, partnering with SOCaaS and internal teams for detection, investigation, and response.
- Lead enterprise vulnerability management, including scanning architecture, penetration test scoping, remediation validation, and prioritization.
- Embed security requirements early by conducting architecture and design reviews for major technology initiatives.
- Prototype and evaluate emerging technologies (e.g., agentic AI, blockchain security, zero trust), providing recommendations based on hands-on testing.
- Contribute hands-on engineering work (code, scripts, playbooks, automation) in addition to technical review and guidance.
- Mentor and upskill security and engineering teams as a technical leader and force multiplier, without direct management responsibilities.
- Represent Trimont's technical security posture in client, auditor, and regulator engagements as directed by the CSO.
Required Qualifications:- Bachelor's degree in computer science, information security, or related field; equivalent hands-on experience considered.
- 15+ years in security engineering, architecture, or offensive security, with progression to Staff/Principal-level individual contributor.
- Deep, hands-on technical proficiency in at least three of: application security/secure SDLC, cloud security architecture (AWS/Azure/GCP), IAM engineering, network/perimeter security, SIEM/SOAR engineering, or offensive security.
- Demonstrated experience building automation or tooling (custom integrations, scripts, orchestration) across security platforms.
- Practical experience building AI-assisted or agentic automation (e.g., orchestration frameworks, tool-calling agents, LLM API integration).
- At least one hands-on technical certification (e.g., OSCP, OSCE, GPEN, GCIH, GXPN, AWS/Azure security certification).
- Working knowledge of regulatory and control frameworks relevant to financial services (NIST, ISO 27001, GLBA, GDPR, CCPA) to engineer compliant controls.
- Strong written and verbal communication skills for technical and executive audiences.
Preferred Qualifications:- CISSP, CISM, or CISA certifications (for cross-functional credibility with governance stakeholders).
- Experience in financial services, commercial real estate, or other highly regulated industries.
- Proven development experience