Lead Information Security Engineer

As a Lead Information Security Engineer, you will be critical in shaping, refining, and executing SpurSol's security strategy across our Business Units and Products, encompassing Cloud and On-Prem infrastructure. This role demands a proactive leader who is a hands-on practitioner, can drive technical initiatives to success, mentor team members, ensure alignment between security objectives and business goals, and work with urgency to drive both forward.

Here are some of the key expectations of this position:

1. Strategic Security Leadership
   1. Define and implement advanced security strategies and frameworks for cloud and on-prem infrastructure.
   2. Align security operations with the company's broader business objectives and technology roadmap.
   3. Develop and maintain a multi-year security roadmap with measurable goals and KPIs.
   4. Serve as the escalation point for high-severity security incidents and own the resolution process.
2. Security Operations Management
   1. Oversee day-to-day SecOps activities, including monitoring, threat detection, and incident response.
   2. Lead the deployment and configuration of security tools (SIEMs, IDS/IPS, EDR, vulnerability scanners, WAFs).
   3. Ensure timely investigation, escalation, and resolution of security incidents.
   4. Regularly review and optimize alerting mechanisms to minimize noise and focus on actionable threats.
3. Risk and Vulnerability Management
   1. Lead periodic risk assessments and vulnerability scanning across Cloud, On-Prem, and EUC (end-user computing) environments.
   2. Prioritize vulnerabilities based on risk exposure and business impact, utilizing frameworks such as CVSS, EPSS, and SSVC.
   3. Collaborate with IT, DevOps, and Product Engineering teams (and other Departments, as needed) to ensure rapid remediation of vulnerabilities and issues.
   4. Implement continuous monitoring and detection strategies to address evolving threat landscapes.
4. Collaboration and Cross-functional alignment
   1. Collaborate with Product, Engineering, DevOps, Admin, PX, and other teams to ensure security practices are embedded across all workflows.
   2. Advocate for and evangelize security-first principles in software development and infrastructure operations.
   3. Participate in design and architecture reviews to identify potential security weaknesses and gaps.
   4. Communicate complex security risks and strategies effectively to technical and non-technical stakeholders.
5. Compliance and Governance
   1. Ensure adherence to compliance and regulatory requirements (e.g., ISO 27001, PCI-DSS, SOC 2, NIST CSF, GDPR, etc.).
   2. Lead internal and external security audits, providing required documentation and evidence and ensuring that SpurSol exceeds the requirements of key standards such as ISO 27001 and PCI-DSS.
   3. Maintain compliance documentation, policies, and procedures.
   4. Establish governance frameworks to ensure ongoing compliance across teams.
6. Incident Response and Recovery
   1. Own and refine the organization's Security Incident Response Plan (SIRP).
   2. Lead tabletop exercises and simulations to ensure readiness for security incidents.
   3. Ensure comprehensive root cause analysis (RCA) is conducted post-incident, building a culture of continuous improvement.
   4. Continuously improve incident response playbooks.
7. Team Leadership and Development
   1. Coach and mentor team members and guide their career growth.
   2. Conduct regular 1:1 meetings, participate in SpurSol's performance review process, and provide constructive feedback.
   3. Foster a culture of continuous learning & improvement, accountability, and innovation.
   4. Develop and oversee training programs to enhance the Team's competencies.
8. Continuous Improvement and Innovation
   1. Stay updated on emerging cybersecurity threats, vulnerabilities, and Security best practices.
   2. Identify and evaluate new Security tools, apps, and technologies to enhance SpurSol's security posture and the security of our Products.
   3. Implement automation in security operations to improve efficiency and reduce human error.
   4. Regularly review and refine security policies and procedures.
   5. Champion the adoption and use of new Security tools, apps, and technologies to further SpurSol's business objectives.