Principal Security Engineer

About Acrisure

A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, we connect clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and more.

In the last eleven years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 19,000 colleagues in more than 20 countries. Our culture is defined by our entrepreneurial spirit and all that comes with it: innovation, client centricity and an indomitable will to win.

Job Summary:

This role strengthens and optimizes the organization's security capabilities by reviewing existing tools, applications, and processes to identify gaps. It establishes and maintains cloud security architecture best practices, focusing on Azure and VMware, and integrates new and existing security platforms. The role collaborates with Data Center and Network Operations teams to maintain a secure architecture and analyzes security events for anomalous activity. It contributes to the organization's security posture and ensures a secure environment. The individual works on issues requiring the analysis of relevant factors and exercises considerable judgment within defined procedures to determine appropriate action.

This individual will work across multiple departments to design, implement, and manage security solutions that protect both internal and third party (vendor) systems and customer data.  You will play a critical role in ensuring that security practices are aligned with compliance requirements while driving technical solutions for secure systems and data protection across the entire organization.

Responsibilities:

• Security Engineering & Architecture: Must have expertise in designing, implementing, and maintaining security architectures across cloud, third-party, and on-premises environments, including evaluating and integrating emerging security technologies.

• DevSecOps: Should possess deep knowledge of embedding security within CI/CD pipelines, establishing security standards, and conducting secure code reviews with development teams.

• Cryptography: Must understand encryption technologies for securing data at rest and in transit, with experience managing cryptographic keys and ensuring compliance with industry standards.

• Identity & Authentication: Requires knowledge of designing and managing secure identity solutions, including Single Sign-On (SSO), Identity Providers (IdPs), and federation protocols such as SAML, OAuth, and OpenID Connect.

• Secure Coding: Should be proficient in secure coding practices, training teams, and developing standards to prevent vulnerabilities like injection flaws, XSS, and authentication issues.

• Governance, Risk, & Compliance (GRC): Must have a strong grasp of GRC frameworks (e.g., NIST, ISO 27001) and experience in aligning technical controls with regulatory and audit requirements.

• Threat Management: Requires expertise in performing risk assessments, threat modeling, vulnerability assessments, and mitigation planning to address security risks.

• Incident Response & Monitoring: Should have knowledge of incident response strategies, SOC collaboration, and implementing continuous monitoring tools to ensure compliance and security standards.

• Collaboration & Leadership: Must demonstrate the ability to work with cross-functional teams, mentor junior engineers, and act as a subject matter expert in security technologies, tools, and frameworks.

Requirements

• Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (GDPR, HIPAA, PCI-DSS).

• Hands-on experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and penetration testing platforms.

• Experience with cloud platforms (AWS, Azure, GCP) and securing cloud-native applications.

• Proficiency in programming languages (e.g., Python, Java, C++) and automation tools (e.g., Terraform, Ansible).

• Strong knowledge of networking protocols, firewalls, VPNs, proxies, and security monitoring tools.

• 5+ years of relevant experience in security engineering and GRC-focused security solutions development.

• Extensive hands-on experience in DevSecOps, integrating security in CI/CD pipelines, and supporting development teams in secure coding practices.

• Proven expertise in cryptography, including encryption, key management, and digital signatures.

• Strong background in identity provider (IdP) management and federated authentication solutions (SAML, OAuth, OpenID Connect).

• Experience implementing technical controls and solutions that align with governance, risk, and compliance frameworks (e.g., NIST, ISO 27001, GDPR, HIPAA, PCI-DSS).

• Certifications (preferred):

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• GIAC (Global Information Assurance Certification)

• CEH (Certified Ethical Hacker)

• CRISC (Certified in Risk and Information Systems Control)

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Benefits and Perks:

• Competitive compensation

• Flexible vacation policy and paid holidays, plus paid sick time off

• Medical Insurance, Dental Insurance, Vision Insurance, Disability insurance (short-term and long-term), Pet Insurance

• Employee-paid supplemental insurance options

• Company-paid group life insurance

• Employee Assistance Program (EAP) and Calm App subscription

• Vested 401(k) with company match and financial wellness programs

• FSA, HSA and commuter benefits options

• Paid maternity leave, paid paternity leave, and fertility benefits

• Career growth and learning

• …and so much more!

Not reflective of all benefits. Enrollment waiting periods or eligibility criteria may apply to certain benefits. Benefit details and offerings may vary for subsidiary entities or in specific geographic locations

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.

​Welcome, your new opportunity awaits you.