<p>What we need… We are seeking a Senior Risk Engineer to join our security team and play a critical role in shaping and enforcing our organization's security posture. This highly visible position is ideal for a seasoned professional who thrives in designing policies, ensuring compliance, and leveraging advanced security tooling to strengthen our vulnerability management program and overall defense strategy. You will collaborate with teams to safeguard systems, mitigate risks, and drive continuous improvement in our corporate security practices. What's in it for you…</p> <p>COCC offers a collaborative environment, career growth, and all the benefits you'd expect from an award-winning employer, including:</p> <p>Hybrid schedules and ample paid time off allowing you work/life balance and flexibility Customized training and onboarding to support you in your first year at COCC Robust employee development programs aligned with career pathing objectives Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets Generous PTO offerings, benefits and competitive compensation On-site fitness centers, wellness incentives, and lifestyle spending accounts Tuition Reimbursement One-on-one career coaching DEIB initiatives championing inclusion and encouraging you to bring your whole self to work Financial planning assistance with certified professionals Peer recognition programs</p> <p>What you'll do…</p> <p>Create, refine, and enforce security standards and procedures across the organization. Monitor and validate adherence to regulatory frameworks, industry standards, and internal policies. Identify control weaknesses, regulatory compliance issues, and potential areas of risk. Utilize security tools to identify, assess, and assist in the remediation of vulnerabilities across infrastructure and software applications. Partner with IT, security engineering, software development, and business units to embed security into processes and projects from the start. Evaluate emerging threats, analyze system risks, and recommend mitigation strategies for addressing those risks to the organization. Research evolving security threats, tools, and best practices to help proactively strengthen defenses. Participate in the regulatory review process/standard, including generating reports, executing third-party security reviews, and working with Internal Audit. Perform system reviews for network devices, web applications, and modern operating systems ensuring compliance with CIS. Work without supervision and use advance knowledge to make judgment calls where necessary. Coach, mentor, and guide junior engineers and analysts on a highly collaborative team.</p> <p>What you'll bring…</p> <p>A bachelor's degree (IT/IS preferred), or equivalent hands-on experience. 5-7 years in information security, risk engineering, or related field(s). Industry-recognized security certifications such as SecurityX, GSEC, or CISSP. Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7), SIEM platforms, and compliance frameworks (NIST, SOC 2). General knowledge of FFIEC guidelines and regulations a plus. Strong understanding of regulatory requirements and security governance. Ability to assess complex systems, identify risks, and propose actionable solutions. Clear and effective communicator with the ability to influence stakeholders and present findings to peers as well as leadership. Scripting and automation capability in Python, Perl, or Powershell. Ansible, terraform, or n8n experience a plus. General knowledge of route/switch functionality, network security, and operating systems such as Windows, Linux, and MacOS. Experience working in Cloud as well as Container environments. Familiarity with CI/CD security controls and container compliance.</p> <p>The salary range for this position is $83,640 - $122,400</p>