Pennymac is a specialty financial services firm focused on the U.S. mortgage market, dedicated to helping Americans achieve homeownership. The Information Security Engineer is responsible for managing the lifecycle and security of non-human identities, collaborating with engineering and DevOps teams to ensure secure machine-to-machine communication and implementing risk remediation strategies.
Responsibilities:
- NHI (Non-Human Identity) Governance: Manages the identification, classification, and lifecycle of non-human identities across the enterprise
- Internal Advocacy: Serves as an "Evangelist" to educate application owners and developers on the risks of hardcoded secrets and unmanaged service accounts
- Risk Remediation: Analyzes vulnerabilities in service account configurations and recommends modern countermeasures, such as automated rotation or secret injection
- Cross-Functional Advisory: Collaborates with IT and business partners to ensure that NHI security is factored into the initial configuration of new software and cloud services
- Audit & Compliance: Tests for compliance with security policies regarding password complexity and rotation for automated accounts
- Tool Management: Oversees the day-to-day operations of Non-Human Identity Security platforms and secret management vaults
- Trend Analysis: Examines logs to identify anomalous behavior or "orphaned" accounts that no longer serve a business purpose
Requirements:
- Minimum of 3 years of experience in information security, systems administration, or a technical support role
- Ability to advise on the potential benefits and drawbacks of suggested security actions to non-security audiences
- Strong commitment to delivering prompt, high-quality, and efficient service to internal business partners
- Hands-on experience with at least one scripting language (Python or PowerShell) to automate identity checks
- Foundational knowledge of Active Directory and SSO platforms (Entra ID, Okta, OneLogin, etc.), along with common authentication protocols (OAuth, OIDC)
- Practical experience with vulnerability scanning or identity monitoring tools
- Bachelor's degree in Computer Science or Information Security, or equivalent experience