<p>Company: IRALOGIX, Inc.</p> <p>Position: Security Engineer</p> <p>Location: Charlette, NC</p> <p>Job Type: Full-Time/Exempt</p> <p>Industry: Retirement Services/FinTech Software</p> <p>Travel: 0%-5%</p> <p>IRALOGIX is a high-growth, institutional technology platform focused on providing uniquely capable solutions to IRA providers, 401(k) recordkeepers, retirement-focused Advisors, Mutual Fund investment providers, and banks interested in growing their IRA capabilities, revenue, and market share. Through proprietary, ground-up technology, we are changing the landscape and are empowering client companies to provide broader access to the best retirement services possible while significantly lowering administration costs and increasing efficiency, profitability, and competitiveness, far beyond industry expectations.</p> <p>Role Overview</p> <p>We're hiring a Security Engineer to join our lean and highly collaborative security function. Reporting to the Director of Security, you'll play a central role in identifying risks and driving security outcomes across AWS infrastructure, containerized applications, CI/CD pipelines, SaaS platforms, and endpoints.</p> <p>This role is ideal for a broad generalist with 2-4 years of experience-someone who is passionate about security, thrives in modern cloud environments, and wants to grow into a versatile engineer who touches AppSec, DevSecOps, endpoint security, and compliance. We're looking for adaptability, curiosity, and a strong grasp of fundamentals over deep specialization.</p> <p>Key Responsibilities</p> <ul> <li>Cloud Security & IAM </li><li>Support secure configuration of AWS services. </li><li>Help develop identity and access guardrails across AWS and SaaS tools. </li><li>Partner with DevOps to improve image lifecycle hygiene and container security. </li><li>CI/CD Security </li><li>Work with engineering and platform teams to define security gates for CI/CD. </li><li>Help standardize secure build practices, secrets management, and artifact handling. </li><li>Vulnerability & Threat Management </li><li>Support triage and remediation of vulnerabilities surfaced via cloud and endpoint scanners. </li><li>Engage with our SOC to respond to security events across cloud, identity, endpoint, and app layers. </li><li>Application Security </li><li>Help developers address legacy library vulnerabilities and integrate secure coding practices. </li><li>Participate in threat modeling, secure SDLC planning, and code/toolchain reviews. </li><li>Governance & Compliance </li><li>Assist in maintaining our SOC 2 Type II posture and mapping controls to frameworks (CSA CCM, CIS AWS). </li><li>Collaborate with auditors and internal stakeholders to evidence controls and risk mitigation. </li><li>Endpoint & SaaS Security </li><li>Support Mac and Windows laptop security with device configuration/compliance management tools. </li><li>Help govern secure SaaS usage, enforce device compliance, and manage privilege escalation. </li><li>Education & Culture </li><li>Contribute to internal security training, awareness campaigns, and documentation. </li><li>Champion a collaborative, secure-by-default culture across development and operations. </li></ul> <p>JOB DESCRIPTION</p> <p>You Might Be a Fit If You Have...</p> <ul> <li>2-4 years of hands-on security, DevOps, or cloud engineering experience in modern environments. </li><li>Familiarity with AWS IAM, containers (ECS, EKS), Terraform, SSO (Okta), and CI/CD workflows. </li><li>Practical understanding of vulnerability management, secure coding, and cloud-native security tooling. </li><li>Experience working in small teams or startups where everyone wears multiple hats. </li><li>Comfort collaborating with developers, auditors, and cross-functional stakeholders. </li><li>An eagerness to learn and improve-especially around AppSec, cloud IAM, and CI/CD security. </li><li>Strong written and verbal communication skills. </li></ul> <p>Bonus Points For…</p> <ul> <li>Familiarity with Java, Python, Go, or Rust. </li><li>Experience securing GitHub Enterprise, Argos, Trivy, or other common DevSecOps tools. </li><li>Prior exposure to compliance frameworks like SOC 2, CIS, or CSA CCM. </li><li>Contributions to open source or personal security projects. </li></ul> <p>Work Setup & Culture</p> <ul> <li>Hybrid model: 3-4 days/week in our Pittsburgh office </li><li>Flexible and team-driven environment with high autonomy </li><li>Emphasis on learning, adaptability, and cross-functional support </li><li>No formal on-call, but expectation to assist during major incidents </li></ul> <p>What We Value</p> <p>We care far more about aptitude, curiosity, and flexibility than traditional degrees or certifications. Whether you've come from an enterprise, a bootcamp, or built your skills in your home lab-we want people who can grow with us, solve problems with empathy, and help secure an evolving, cloud-first fintech platform.</p>