SWBC · 2 weeks ago
Senior Information Security Engineer
San Antonio, TX
Full-time
Hybrid
Senior Level, Lead/Staff
8+ years expSWBC is seeking a talented individual to serve as a key Information Security Engineer empowered to leverage the industry’s latest security principles, practices, and tools. The role focuses on improving the reliability, integrity, and security of on premise and cloud-hosted applications while collaborating with internal and external stakeholders to incorporate security into all stages of the software development life cycle.
BankingFinanceFinancial ServicesInsurance
Responsibilities
Identifies, implements, maintains, and monitors risk-informed, standards-based, effective, and efficient security controls within a hybrid multi-cloud technology environment
Supports continuous integration and continuous development pipelines and processes that automatically build, test, and deploy infrastructure and containerized applications to ensure appropriate security checks are included automatically or manually
Reviews software releases and infrastructure changes for security vulnerabilities and risks prior to approval
Supports enterprise software development and cloud infrastructure projects and production applications that store, process, and transmit regulated data to ensure controls meet or exceed standards
Manages vulnerabilities and security testing for on premise and cloud-hosted applications and tracks issues to remediation
Supports audit and compliance efforts to ensure applications, infrastructure, and integrations meet applicable compliance and contractual standards
Identifies, recommends, and tests technical security standards and guidelines for software development, DevOps, and release management to ensure that all delivered solutions and architecture adhere to industry best-practices for availability, confidentiality, and integrity
Partners with internal and external development teams and other stakeholders to improve security and operational monitoring for cloud hosted workloads
Develops and tests incident response plans to prepare for, respond to, and recover from security incidents and operational issues as part of an incident response team
Supports efforts to provide for a secure integrated development environment for external and internal software and release management pipelines
Builds and tracks performance indicators and metrics to inform security control monitoring in cloud environments
Performs all other duties as assigned
Qualification
Required
Bachelor's Degree in Computer or Software Engineering, Information Security, Cybersecurity or related field from an accredited four year college or university required
AWS Certified Solutions Architect or DevOps Engineer Professional certification required
Minimum eight (8) years of extensive security engineering experience, including architectural design using AWS best practices and industry standards
Experience implementing and managing tools for security, availability, and compliance monitoring in a cloud environment which includes collecting data, parsing log files, capturing network traffic, setting alert thresholds, and notifying stakeholders
Experience and understanding of the DevOps deployment pipeline and security considerations for each step of the CI/CD processes
Experience with serverless architectures, their features, advantages, security concerns, and tactics for deploying effective security in serverless implementations
Experience with vulnerability management and virtual patching in the cloud
Experience with Amazon Web Services (AWS) cloud architecture components, security, identity, & compliance services, and knowledge of how to secure the environment
Familiar with DevOps toolsets to track work items, code, test, build, and release, and knowledge of how each stage is secured and automated
Familiar with tools to perform vulnerability assessments, threat detection, compliance benchmarking, audit logging, log evaluation, and network collection for cloud hosted applications
Familiar with basic web development practices, i.e. HTML, CSS, JavaScript, JQuery, etc
Familiar with team development tools and source control, including Azure DevOps, GIT, etc
Familiar with the principles of software development life cycle (SDLC) and separation of duties
Understanding of micro service architecture and implementation of appropriate security controls used in various architectural designs and conditions
Understanding of “As Code” processes and attack surfaces presented by CI, CD, and CM tools and familiarity with techniques for how to harden these tools
Understanding of the Secure DevOps auditing controls and how to leverage automated scanners to automate policy requirements
Demonstrated knowledge of how to configure security services and tools such as Web Application Firewalls, Content Delivery Networks, and Intrusion Monitoring to protect against common website attacks
Demonstrated knowledge of encryption and encryption key management using managed services and a dedicated cloud hardware security module
Knowledge of container security issues, hardening containerized environments, container orchestration tools, and running production workloads in the cloud
Knowledge of IT Security Operations
Knowledge of UI, AI, and Machine Learning
Knowledge the Payment Card Industry (PCI) Data Security Standard (DSS)
Able to understand and write basic JSON programming language policies
Demonstrated ability to work as an essential part of a highly motivated business, technology, development teams
Proficient Microsoft Office skills, including Word and Excel
Written and verbal communication skills and the ability to work with teams and external stakeholders are essential
Strong problem resolution and interpersonal skills
Strong multi-tasking skills
Able to use general office equipment including copy machine and phone system
Preferred
Master's Degree preferred
AWS Security Specialty certification highly desired
Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) highly desired
Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) desired
GIAC Cloud Security Automation (GCSA) certification highly desired. Must be able to obtain certification within 6 months of hire
Benefits
Competitive overall compensation package
Work/Life balance
Employee engagement activities and recognition awards
Years of Service awards
Career enhancement and growth opportunities
Leadership Academy and Mentor Program
Continuing education and career certifications
Variety of healthcare coverage options
Traditional and Roth 401(k) retirement plans
Lucrative Wellness Program
Company
SWBC
SWBC is a provider of insurance, mortgage, and investment services to financial institutions, businesses, and individuals.
1001-5000 employees
H1B Sponsorship
SWBC has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (22)
2024 (16)
2023 (9)
2022 (22)
2021 (14)
2020 (11)
Funding
Current Stage
Late StageLeadership Team
Gary Dudley
President and Co-founder
Recent News
2025-09-12
Morningstar.com
2025-08-13
MarketScreener
2025-07-24
Company data provided by crunchbase