Lead Associate Principal, Security Engineering

To be considered for this position, applications and resumes are accepted only through our careers site by directly applying to the posted job. We do not accept unsolicited resumes or sales solicitations from staffing agencies. Any OCC employee wishing to submit a referral must do so through their Workday account. Any resume submitted outside of an active job posting will not be considered for employment.

What You'll Do:

Join our dynamic Security Engineering team as a Lead Associate Principal Cloud Security Engineer and make a significant impact on our organization's cybersecurity posture. In this role, you'll be responsible for driving critical security related projects, managing day-to-day cloud security engineering tasks, cloud-based initiatives, and DevOps development for security related endeavors. You will help manage privileged access systems that protect our most critical assets, implement AI-based security capabilities, and help shape our security architecture. This position offers excellent growth opportunities as you'll work with best-in-class technologies while collaborating with cross-functional teams to solve complex security challenges. If you're passionate about cybersecurity and seeking a role where your expertise directly strengthens organizational resilience, this is an ideal next step for your career.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

Maintain Hybrid Infrastructure Integrity Ensure the operational integrity of cloud and on-premises infrastructure throughout its lifecycle, including patching, version control, and system upgrades. Establish and enforce security as code principles throughout the environment in alignment with OCC/Security Standards.

Manage ongoing critical cloud service rollouts and automation Lead end-to-end deployment of mission-critical cloud services while developing and maintaining automation pipelines that streamline provisioning, configuration, and compliance enforcement across cloud environments.

Assist in the deployment of new technologies and infrastructure aligned with security strategy Partner with architecture and engineering teams to evaluate, pilot, and deploy emerging cloud technologies, ensuring all implementations adhere to established security frameworks, organizational risk tolerance, and long-term strategic vision.

Support, grow, and advance current processes and tools Continuously assess existing security processes and toolsets, driving improvements that mature the organization's cloud security posture through automation, documentation, and operational efficiency. Develop and implement system improvements that automated integrations and accelerate detection and remediation of functional and technical issues.

Demonstrate in-depth knowledge of security controls and standards across cloud security, architecture, and security testing Apply expertise in industry frameworks (CIS, NIST CSF, CSA CCM) to design, implement, and validate security controls spanning cloud architecture, identity and access management, data protection, and security testing including vulnerability assessments and penetration testing.

Manage multiple complex projects simultaneously under strict deadlines Prioritize and execute across a dynamic portfolio of concurrent security initiatives, consistently delivering high-quality outcomes on time while maintaining rigorous attention to detail and adherence to organizational standards.

Serve as primary point of contact across cross-functional teams Act as the central liaison between security, engineering, operations, and business stakeholders throughout the full project lifecycle. Ensure alignment, clear communication, and accountability at every stage.

Supervisory Responsibilities:

None

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

Seven Years’ Experience with Security Engineering activities and testing.

Five years’ of experience with DevOps processes

Five years’ experience with AWS architecture and services.

Advanced knowledge in identity and authentication architectures across cert-based, OAuth2/OIDC, IAM, AD, k8s, and Kerberos implementations

Advanced knowledge and experience designing secure CI/CD and IaC ecosystems with Terraform, Ansible, and Jenkins at enterprise scale.

Effective oral and written communication, analytical, judgment and collaboration skills.

Ability to effectively communicate in both formal and informal review settings with all levels of management.

Ability to work with local and remote IT staff/management, vendors and consultants.

Ability to work independently and possess strong organizational skills.

Technical Skills:

Proficiency providing operational and engineering support for one or more of the following: CyberArk, HashiCorp Vault, Active Directory Certificate Services (ADCS), HSMs, and Public Key Infrastructure (PKI).

Expertise in DevOps and DevSecOps practices and tooling. Hands-on expertise across CI/CD pipeline development and automation tools such as Jenkins, GitHub Actions, or GitLab CI, leveraging infrastructure-as-code frameworks (Terraform, Ansible) and scripting languages (Python, Groovy, Bash, GoLang) to embed security controls throughout the software development lifecycle.

Expert level knowledge of privileged access management methodologies and techniques for on-prem and Cloud implementation.

Education and/or Experience:

Experience in one or more of the following disciplines: security operations, development, engineering, or architecture

Experience supporting privileged access management and access controls programs.

Professional or personal experience using AI coding agents such as OpenAI Codex, Claude Code, or Gemini CLI.

Certificates or Licenses:

None