Security Engineer - #1405908

Company Description:

Aspida is a tech-driven, nimble insurance carrier. Backed by Ares Management Corporation, a leading global alternative asset manager, we offer simple and secure retirement solutions and annuity products with speed and precision. More than that, we’re in the business of protecting dreams; those of our partners, our producers, and especially our clients. Our suite of products, available through our elegant and intuitive digital platform, focuses on secure, stable retirement solutions with attractive features and downside protection. A subsidiary of Ares Management Corporation (NYSE: ARES) acts as the dedicated investment manager, capital solutions and corporate development partner to Aspida. For more information, please visit www.aspida.com or follow them on LinkedIn.

Who We Are:

Sometimes, a group of people come together and create something amazing. They don’t let egos get in the way. They don’t settle for the status quo, and they don’t complain when things get tough. Instead, they see a common vision for the future and each person makes an unspoken commitment to building that future together. That’s the culture, the moxie, and the story of Aspida.

Our business focuses on annuities and life insurance. At first, it might not sound flashy, but that’s why we’re doing things differently than everyone else in our industry. We’re dedicated to developing data-driven tech solutions, providing amazing customer experiences, and applying an entrepreneurial spirit to everything we do. Our work ethic is built on three main tenets: Get $#!+ Done, Do It with Moxie, and Have Fun. If this sounds like the place for you, read on, and then apply at aspida.com/careers.

What We Are Looking For:

This role is critical in safeguarding our organization's information, infrastructure, and assets by continuously designing, implementing, and maintaining security systems to detect and respond to threats.

The Security Engineer will work closely with engineers, analysts, developers, and architects across the company to design secure systems, investigate potential threats, and enforce security policies. They will be responsible for developing and optimizing security tools, conducting vulnerability assessments, analyzing logs, and supporting incident response efforts. Additionally, this role plays a key part in ensuring compliance with industry standards and regulations, including the Gramm-Leach-Bliley Act (GLBA).

Reporting directly to the Director of Cybersecurity, this position provides an opportunity to contribute to a strong security posture, helping protect both corporate and client data while gaining hands-on experience in threat detection, security automation, and continuous monitoring. This role is required to be onsite 3 days a week at our Durham, NC headquarters.

What You Will Do:

• Design, implement, and maintain security systems to protect infrastructure, applications, and networks from threats, ensuring compliance with the Gramm-Leach-Bliley Act (GLBA) and other security policies.
• Collaborate with engineers, analysts, developers and architects across departments to design secure solutions and assess security risks.
• Develop and optimize security monitoring tools, including SIEMs, endpoint detection and response (EDR), data loss prevention (DLP), code scanning tools, and vulnerability management solutions to enhance threat detection capabilities.
• Conduct security assessments and risk analyses for new software, features, and infrastructure, identifying vulnerabilities and recommending mitigation strategies.
• Perform regular security monitoring and vulnerability scanning, supporting penetration testing efforts to proactively identify and address security gaps.
• Support incident detection and response efforts, investigating security alerts and working with other team members to analyze threats, contain incidents, and prevent future occurrences.
• Document security events, policies, procedures, and configurations, ensuring information is readily available for audits and regulatory compliance.
• Educate and assist employees and teams in following security best practices and complying with organizational policies.
• Stay informed on emerging threats, vulnerabilities, and cybersecurity technologies, proactively recommending improvements to strengthen the organization's security posture.
• Lead Application Security Program processes, ensuring secure development practices and integration of security measures throughout the software development lifecycle.
• Implement and advocate for DevSecOps principles, promoting collaboration between development, security, and operations teams to build secure and resilient systems.

What We Provide:

• Salaried, DOE
• Full-Time
• Full Benefits Package Available

What We Believe:

Not sure if you meet every qualification? We still encourage you to apply! We value inclusivity, welcoming candidates from diverse backgrounds, including non-traditional paths. Unique experiences enrich our team, and the willingness to dream big makes you an exceptional candidate!

At Aspida Financial Services, LLC, we are committed to creating a diverse and inclusive environment and are proud to be an equal opportunity employer. As such, Aspida does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.

Requirements

What We Require:

• Bachelor's degree or higher in computer science, information technology, information security, software development, or a related field.
• Minimum of 3 years of experience in cybersecurity engineering, network security, application security, or a similar role, ideally within a regulated industry (e.g., finance, healthcare).
• Proficiency with security tools and technologies, including SIEMs, vulnerability scanners, DLP (Data Loss Prevention), code scanners, and EDR (Endpoint Detection and Response) tools.
• Hands-on experience with threat modeling, penetration testing, and vulnerability assessment techniques.
• Familiarity with scripting and automation (e.g., Python, Bash, PowerShell) to streamline security processes and reduce manual intervention.
• Understanding of networking and information technology fundamentals, cloud security practices, and DevSecOps principles.
• Strong knowledge of security frameworks, controls, and compliance requirements, with specific experience in Gramm-Leach-Bliley Act (GLBA) compliance.
• Demonstrated ability to assess, identify, and mitigate security risks across complex infrastructures and applications.
• Strong analytical and problem-solving skills, with a proactive approach to identifying potential security threats and areas for improvement.
• Excellent verbal and written communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders.
• Proven ability to collaborate effectively with cross-functional teams, including engineers, analysts, and architects, and to work independently when needed.
• You like to get “STUFF” done and enjoy working in a fast-paced environment.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or offensive Security Certified Professional (OSCP).
• Strong attention to detail, with the ability to document processes and maintain records.
• Ability to stay current with the latest security trends, vulnerabilities, and industry regulations.