Empower is committed to transforming financial lives and fostering a flexible work environment. The Information Security Principal Engineer will strengthen the corporate Information Security program by leading cybersecurity incidents, developing security standards, and collaborating across teams to ensure secure practices are upheld.
Responsibilities:
- Lead major cybersecurity incidents from detection through containment, eradication, recovery, and post-incident review, including participation in the on-call rotation
- Serve as the top escalation point for complex, high-severity incidents, ensuring rapid and effective resolution
- Develop, maintain, and optimize incident response playbooks, runbooks, and escalation procedures
- Oversee enterprise-wide monitoring of networks, cloud, and endpoints for threats, vulnerabilities, and anomalous activity
- Advance detection capabilities using EDR, SIEM, and behavioral analytics aligned with MITRE ATT&CK
- Act as subject matter expert on EDR and SIEM
- Design and implement automation frameworks (Python, PowerShell, AWS Lambda) to streamline response workflows and reduce manual effort
- Integrate AI/ML models into security monitoring and response processes for enhanced detection accuracy and prioritization
- Conduct forensic investigations and threat hunting to identify root causes and emerging threat patterns
- Collaborate cross-functionally with infrastructure, application, and network teams to enforce secure configurations and compliance
- Mentor and guide incident response analysts, fostering technical growth and operational excellence
- Communicate effectively with executives and technical teams during and after incidents, producing clear reports and recommendations
- Drive continuous improvement in detection, response, and prevention strategies to strengthen enterprise security posture
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
- Must have CISSP Certification (Current and active)
- 6+ years of experience in enterprise cybersecurity at scale
- 5+ years of experience with EDR, SIEM, email and network security
- 3+ years of experience with cloud environment security and scripting/coding
- Extensive knowledge of the incident response process and lifecycle, ability to contribute to policy and procedure
- Ability to respond to security alerts/incidents and drive the process start to finish
- Ability to use generative AI in day-to-day operations as a force multiplier
- Strong technical written and verbal communication skills, ability to document and present details on incidents
- Strong analytic skills, able to analyze security incidents for root cause, resolution, lessons learned, and improvements
- Excellent communication and leadership skills, with the ability to influence across technical and executive teams
- Additional certifications (SANS, GIAC, CCSP, AWS, CEH, OSCP, etc.)
- Experience in a DevSecOps environment (Infrastructure as code, Terraform, Git)
- Experience developing automation frameworks leveraging scripting languages (Python, PowerShell, Bash) and serverless technologies (e.g., AWS Lambda) to accelerate response workflows and reduce manual effort
- Experience automating repetitive tasks such as enrichment, correlation, containment
- Ability to integrate AI and machine learning models into security monitoring and response workflows to improve detection accuracy, reduce false positives, and prioritize threats
- Ability to create AI-driven anomaly detection, behavioral analysis, and natural language processing for log analysis, phishing detection, and threat intelligence enrichment
- Strong Linux, Windows, Network, Database skills
- Experience with technical leadership
- Experience as a security specialist in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI