Lead Information Security Engineer

Outstanding long-term contract opportunity! A well-known Financial Services Company is looking for a Lead Information Security Engineer in Charlotte, NC (Hybrid).

Work with the brightest minds at one of the largest financial institutions in the world. This is long-term contract opportunity that includes a competitive benefit package! Our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that is not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.

Contract Duration: 12 Months

Required Skills & Experience

• 5+ years in application security, secure development, or DevSecOps roles.
• Strong experience with modern application architectures (e.g., cloud-native, microservices, APIs.
• Experience scaling security programs in federated or decentralized models.
• Experience working in Agile/DevOps environments using tools like GitHub, Jira, Azure DevOps.
• Familiarity with compliance frameworks (e.g., NIST, ISO 27001, CRI Profile).
• Proficiency with static/dynamic analysis tools (e.g., SAST, DAST, SCA, GHAS) and manual code reviews.
• Familiarity with secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards.
• Excellent communication skills with experience mentoring developers or leading training efforts
• Ability to manage competing priorities and influence teams without direct authority

Desired Skills & Experience

• Excellent verbal, written, and interpersonal communication skills.
• 1+ year of Fortify Code Analyzer experience.
• 1+ year of CheckMarx experience.
• 1+ year of Black Duck SCA experience.
• 1+ year of SAST (Static Analysis Software Testing) experience.
• Experience scaling security programs in federated or decentralized models.
• Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.]
• Experience working in Agile/DevOps environments using tools like GitHub, Jira, Azure DevOps.
• Familiarity with compliance frameworks (c.g., NIST, ISO 27001, CRI Profile).

What You Will Be Doing

• Provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools.
• Serve as the escalation point for Satellite ASCs, ensuring QA/QC of findings, especially in high-risk and regulatory environments.
• Lead and continuously enhance the Satellite ASC enablement journey, including onboarding, advanced training, and mentorship.
• Participate in and lead secure design reviews, code analysis, and architecture consultations across multiple development teams.
• Drive and maintain automated security tooling integrations in CI/CD (e.g., SAST, SCA, secrets scanning, IaC reviews).
• Support the creation and tracking of security KPls and metrics dashboards, helping measure risk reduction and program impact.
• Help shape policy and control frameworks that balance developer velocity with security assurance.
• Contribute to the governance and continuous improvement of the Satellite ASC Program.
• Act as a senior advisor and technical lead for the Satellite ASC Program, helping define governance, oversight, and continuous improvement.
• Partner with Product, Engineering, and Risk leaders to define secure design patterns and control objectives for cloud and enterprise systems.
• Lead the review and escalation process for critical findings, ensuring alignment with enterprise risk tolerance.
• Coach and guide other Core ASCs to raise overall capability and impact of the Core ASC Center of Excellence.