Principal Information Security Engineer

The Principal Information Security Engineer leads cybersecurity operations and defense across all Self products and infrastructure. This role is instrumental in protecting customer data, ensuring compliance with SOC 2 and PCI requirements, and partnering closely with engineering and IT teams to detect, investigate, and respond to security threats. The ideal candidate brings deep expertise in security operations, threat detection, and incident response, along with hands-on experience building and evolving effective security capabilities.

• →Own end-to-end cybersecurity operations, including threat detection, incident response, and vulnerability management across all Self products and infrastructure
• →Build, tune, and maintain detection capabilities within a SIEM platform to identify threats, anomalies, and policy violations
• →Operate and optimize endpoint detection and response (EDR) solutions, including alert triage, threat hunting, and containment
• →Manage cloud security posture, including misconfiguration identification, risk prioritization, and remediation tracking
• →Administer and optimize secure access and web security platforms, including data loss prevention policy enforcement, shadow IT visibility, and web threat protection
• →Design, manage, and optimize network security controls and cloud-native networking to enforce zero-trust principles and secure perimeter defenses.
• →Lead incident response efforts, from detection through containment, eradication, and post-incident review
• →Conduct proactive threat hunting across endpoint, network, and cloud environments
• →Propose and implement scalable security processes that improve operational efficiency and reduce manual effort
• →Partner with engineering and infrastructure teams to remediate critical security findings and reduce attack surface
• →Lead and perform third-party vendor security reviews and risk assessments
• →Support SOC 2 and PCI compliance efforts, including audit preparation and evidence collection
• →Identify security risks across the environment and recommend mitigation strategies
• →Monitor emerging cybersecurity threats and translate them into actionable detection and prevention controls

• 12+ years of experience in cybersecurity, security operations, or information security engineering
• Hands-on experience with security monitoring and log analysis platforms for detection engineering
• Proficiency with endpoint detection and response tools for threat detection and investigation
• Experience using cloud security posture management tools for cloud security visibility and risk remediation
• Hands-on experience with CASB/SSE platforms for data loss prevention, shadow IT visibility, and secure web access
• Solid understanding of network security, cloud security, and identity and access management
• Experience with vulnerability management programs and remediation workflows
• Strong understanding of adversary tactics, techniques, and procedures (TTPs) and how they apply to modern environments
• Strong background in incident response, including investigation, containment, and root cause analysis
• Experience supporting or operating within SOC 2 and PCI compliance environments
• Ability to partner effectively with engineering and infrastructure teams to drive security outcomes
• Strong risk assessment, prioritization, and communication skills

• Experience performing third-party vendor security assessments
• Familiarity with cloud-native architectures and container security
• Prior experience in fintech, regulated industries, or environments handling sensitive customer data
• Experience with threat intelligence platforms and integrating feeds into detection workflows
• Security certifications such as CISSP, CISM, GCIA, GCIH, GCED, or equivalent experience