Sr. SecOps Engineer- Product Security Operations

Envestnet is seeking a Sr. SecOps Engineer- Product Security Operations – YOD to join our Yodlee department. This is a remote role with occasional travel to our Raleigh, NC office.

Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients. 

Envestnet’s Strategy:

• Deliver the industry-leading wealth management platform, powered by advanced data and insights 
  
• Leverage our scale and efficiencies to serve our clients’ needs comprehensively 
  
• Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment
  

For more information, please visit www.envestnet.com.

Job Summary: 

Yodlee is looking for a highly skilled and experienced Cyber Security Operation Engineer to join our team. This pivotal role involves designing, developing, and implementing comprehensive security controls that safeguard our organization's data, systems, and networks from sophisticated cyber threats. The Security Engineer will also lead efforts in incident response and be integral to the development and maintenance of our security operation center processes and procedures. It is preferred to have product security knowledge such as, OWASP top 10, API security, Devsecops. Collaboration with various stakeholders, conducting security assessments, ensuring compliance with industry standards and regulations, and deploying security controls across both cloud and on-premises datacenters are essential components of this role.

Job Responsibilities:

• Cyber Security Engineering and Implementation
  
  • Developing comprehensive security architectures that align with business objectives and regulatory requirement. Implement secure network, system, and application architectures. 
    
  • Benchmark and implement industry best practices to mitigate potential threats to digital infrastructure and operations such as MITRE ATT&CK and NIST CSF.
    
  • Evaluate and recommend security technologies and solutions for cloud and Datacenter.
  • Implementation of security tools and technologies, such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and IAST (Interactive Application Security Testing)
    
  • Managing and maintaining security tools and infrastructure, including SIEM(Splunk), EDR(CrowdStrike), Threat intel, endpoint protection and breach simulation.
    
  • Configuring and tuning security tools to optimize performance and accuracy.
    
  • Deploying and updating security software and hardware.
    
  • Lead incident response and develop and maintain security operation center process and procedures.
    
• Cyber Security and Security Operations Management
  
  • Establish and maintain an application security program & security operation, including policies, standards, and procedures. 
    
  • Track and report on key performance indicators (KPIs) related to application security and infrastructure security.
    
  • Oversee the 24/7 monitoring of security systems and networks for potential threats. 
    
  • Develop, implement and maintain incident response plans and procedures. 
    
  • Lead incident response efforts, including containment, eradication, and recovery. 
    
  • Conduct post-incident analysis and develop recommendations for improvement. 
    
  • Administrating the SOC infrastructure to ensure its hardened posture and best performance.
    
  • Troubleshooting and resolving issues related to SOC technologies.
    
  • Oversee the implementation of security tools and technologies, such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and IAST (Interactive Application Security Testing) Lead and oversee all internal and external audits, ensuring readiness for regulatory assessments and third-party evaluations.
    
• Continuous Monitoring, Incident Response, and Reporting
  
  • Implementation of continuous security monitoring to assess compliance and control effectiveness.
    
  • Drive the development of actionable reporting metrics, including security health checks, audit readiness, and compliance status, for senior management and stakeholders.
    
  • Work closely with the SOC and Incident Response teams to evaluate the impact of security incidents on compliance and drive remediation efforts.
    
  • Evaluate and recommend security technologies and solutions
    
  • Ensure proper configuration and maintenance of security related tools.
    
• Vulnerability management & Product security
  
  • Establish Vulnerability management program and remediation process. 
    
  • Prioritize vulnerabilities for remediation based on risk and business impact.
    
  • Prepare and distribute vulnerability reports to stakeholders, including management and technical teams.
    
  • Integrate security into the SDLC, from design and development to testing and deployment. 
    
  • Promote secure coding practices and provide training to developers. 
    
  • Establish and enforce security requirements for applications. 
    
  • Implement security testing throughout the SDLC.
    
• Compliance Program Management
  
  • Lead the development, implementation, and management of the Information Security program, ensuring compliance with industry standards (e.g., PCI DSS, SOC 2, NIST, ISO 27001, and others).
    
  • Manage and maintain security compliance posture, ensuring senior management and business units are informed about application security risks and mitigation strategies.
    
  • Stay abreast of emerging security threats, vulnerabilities, and industry best practices.
    
  • Innovation and Continuous Improvement
    
  • Lead efforts to identify and drive continuous improvements in security processes, tools, and practices.
    
  • Stay ahead of industry trends, regulatory changes, and emerging security risks to ensure the organization remains agile and compliant in an evolving threat landscape.
    
  • Lead strategic initiatives that improve operational efficiencies and reduce risks through the automation and enhancement of security controls.
    
• Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.  
  
• As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk.
  

Required Qualifications: 

• Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field.
  
• Experience: 7+ years of experience in information security, Security operations, threat hunting, Security automation, Incident response, Red-teaming and Blue Teaming.
  
• Strong hands-on technical skills, extensive knowledge of AWS or other Cloud Technologies, and the ability to work with senior stakeholders.
  
• Experience in managing SIEM, EDR and Other security contoles.
  
• Experience: 1+ years’ experience in of Product/Application security, Secure coding, OWSP
  
• Knowledge about programming language such as Java, Python.
  
• Knowledge about the API security, databases (SQL, NoSQL, or similar).
  
• Strong understanding Owasp top 10 and Secure Development, Java, python, programing knowledge.
  
• Certifications: Relevant security or compliance certifications such as CISA, CISSP, GCIH, OSCP, AWS Certified Security – Specialty or CompTIA Security+ are highly preferred.
  

Key Skills: 

• Minimum of 6 years of experience in information security, with a focus on security engineering.
  
• Proven experience designing and implementing security solutions in complex environments.
  
• Deep understanding of cloud computing platforms (AWS, Azure, GCP).
  
• Familiarity with secure coding practices, SDLC and DevSecOps.
  
• Strong leadership, communication, and problem-solving skills. 
  
• Relevant certifications (e.g., CISSP, CSSLP, CEH, AWS security) are highly desirable. 
  
• Regulatory Knowledge: In-depth knowledge of NIST, ISO 27001, PCI DSS and SOC2 compliance. standards, with hands-on experience managing compliance and audit processes.
  

Envestnet: 

• Be a member of an innovative and industry leading financial technology and solutions company 
  
• Competitive Compensation/Total Reward Packages that include:
  
  • Health Benefits (Health/Dental/Vision)
    
  • Paid Time Off (PTO) & Volunteer Time Off (VTO)
    
  • 401K – Company Match
    
  • Annual Bonus Incentives
    
  • Parental Stipend 
    
  • Tuition Reimbursement
    
  • Student Debt Program
    
  • Charitable Match 
    
  • Wellness Program
    

Salary:

The annual base salary range for this position is $88,000 to $132,000.

#LI-SC1