Job Description:Overview:We are seeking a Security Engineering Manager to lead and evolve our security engineering function within a growing financial risk and advisory SaaS business. This role is ideal for an engineering-first leader who thrives in a hands-on environment and is motivated to build, scale, and mature security capabilities in a cloud-native platform.
You will lead a small but growing team, while remaining deeply technical-designing and implementing security controls across cloud infrastructure, applications, and CI/CD pipelines. You will play a critical role in strengthening our security posture, ensuring compliance with SOC 2 requirements, and enabling engineering teams to build securely at scale.
What You'll Do- Lead and grow the Security Engineering function, starting as a player-coach and scaling the team over time
- Design, build, and implement security controls across Azure-based cloud infrastructure, containerized environments, and .NET applications
- Establish and mature cloud security and application security practices, including secure architecture patterns and threat modeling
- Secure the software development lifecycle (SDLC) by integrating security into CI/CD pipelines and developer workflows
- Own and manage third-party penetration testing, including vendor coordination, scope definition, and remediation tracking
- Develop and deliver secure coding training and guidance to engineering teams, driving adoption of best practices
- Build and maintain auditable security controls aligned with SOC 2 requirements, partner closely with internal stakeholders and external auditors
- Collaborate cross-functionally with Engineering, DevOps, and Compliance to embed security into the development and delivery process
- Evaluate, implement, and operate security tooling, with a focus on automation and scalability (shifting from building to optimizing over time)
- Implement and manage cloud security scanning and posture management, including continuous monitoring for misconfigurations, vulnerabilities, and drift across Azure environments
- Identify and address emerging risks related to AI/LLM usage, including vulnerability management, secure integration practices, and guidance for engineering teams adopting AI capabilities
- Remain hands-on-able to dive into technical challenges, review architecture, and contribute directly when needed
What Success Looks Like (First 12 Months) - Strengthened and matured cloud and application security practices across the organization
- Implemented robust policy scanning and vulnerability management practices
- Implemented effective security controls within CI/CD pipelines and development workflows
- Established and maintained robust, auditable controls aligned to SOC 2 requirements
What You Bring - 7+ years of experience in security engineering, with a strong foundation in software or cloud engineering
- Proven experience leading or mentoring engineers, with a desire to build and scale a team
- Deep hands-on expertise in cloud security (Azure required; AWS familiarity preferred)
- Experience securing modern application stacks, including .NET applications and containerized environments
- Strong understanding of application security principles, including secure coding practices, threat modeling, and common vulnerabilities (OWASP Top 10)
- Experience integrating security into CI/CD pipelines and developer tooling
- Familiarity with SOC 2 controls, including designing and implementing auditable technical controls and working with auditors
- Experience managing or working with third-party penetration testing vendors
- Strong problem-solving skills with the ability to operate both strategically and tactically
- Experience with security tooling such as SAST, DAST, container scanning, and cloud security posture management (CSPM)
- Excellent collaboration and communication skills, particularly in working with engineering teams
For Denver based candidates, the compensation range for the position is expected to be between $155,000 and $180,000 annually. Total compensation, including base pay, discretionary individual bonus and company bonus, may be higher than range listed, depending on applicant's skills, qualifications, and experience. Benefits include health insurance, life and disability insurance, 401k, EAP, paid holidays and paid time off.
