Lead Information Security Engineer I

Posted 15 days ago

💎 Seniority level: Lead, 5+ years

📍 Location: United States

💸 Salary: 118736.0 - 148420.0 USD per year

🔍 Industry: Insurance

🏢 Company: joinroot

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: AWS, Leadership, Python, Cloud Computing, Cybersecurity, Kubernetes, Cross-functional Team Leadership, Serverless, Communication Skills, CI/CD, Problem Solving, Mentoring, DevOps, Compliance, Risk Management, Scripting

Requirements:
  • At least five years' experience leading strategic security efforts in cloud-centric environments, ideally with AWS, including deep expertise in Cloud IAM, network security, threat detection, and logging/monitoring.
  • Experience securing container-based and serverless infrastructure using managed services such as ECS and AWS Lambda.
  • Ability to influence cross-functional teams, build strong partnerships, and secure stakeholder support—including executive leaders—for security initiatives.
  • Excellent communication skills, with an ability to translate complex security concepts into understandable terms for both technical and non-technical audiences.
  • Comfortable switching from high-level strategic decisions to hands-on technical tasks, including triaging incidents, reviewing code, or configuring security tools.
  • Experience maturing security practices, and embedding improvements and controls into existing product/engineering approaches.
  • A passion for staying ahead of evolving threats, security trends, and best practices—translating these insights into actionable improvements for Root’s security posture.
  • Proficiency in scripting and automation using programming languages such as Python or Ruby.
  • Advanced knowledge of security frameworks (SOC 2, PCI-DSS, NIST, etc.), threat modeling, secure design principles, and the ability to embed these practices within CI/CD pipelines.
  • Demonstrated success in developing and guiding security engineers, providing technical leadership while fostering a culture of continuous learning and professional growth.
  • Willingness to participate in an on-call rotation to address critical security incidents and ensure timely response.
Responsibilities:
  • Set and drive Root’s overarching security vision.
  • Collaborate with engineering, product, and data science teams to translate high-level business goals into tactical security initiatives that safeguard customer and company data.
  • Guide and support security engineers and cross-functional teams through advanced threat modeling, architectural reviews, and secure coding practices.
  • Proactively partner with Product to ensure security is built into project roadmaps from the outset, balancing innovation and delivery timelines with robust risk mitigation strategies.
  • Establish frameworks that align with relevant regulatory and compliance requirements (e.g., SOC 2, PCI-DSS, NIST).
  • Oversee risk assessment processes to help teams prioritize and remediate vulnerabilities.
  • Architect scalable security solutions that minimize manual processes through automation.
  • Influence design patterns and infrastructure configurations to ensure secure-by-default implementations within AWS and related services.
  • Regularly evaluate and adopt emerging security tools and processes.
  • Craft a long-term roadmap that anticipates threat evolution and positions Root at the forefront of secure product delivery.