Job Description
About the Role
iCapital is looking for a Head of Security Engineering to lead and evolve our security engineering function within a regulated financial services environment. This role combines strong technical depth, hands-on operational capability, and team leadership, ensuring our security architecture, tooling, and processes are scalable, resilient, and aligned with regulatory expectations.
You will manage a team of security engineers while remaining actively engaged in technical problem-solving, including supporting incident investigations and shaping secure architecture. You will partner closely with Engineering, DevOps, Infrastructure, and Technology/Development teams to embed security across the software development lifecycle and cloud environments.
Responsibilities
Leadership & Team Management
- Lead, mentor, and develop a team of ~5 security engineers across multiple domains
- Define team priorities and execute against the security engineering roadmap
- Foster a culture of ownership, automation, and continuous improvement
- Partner with the CISO and senior stakeholders on strategy, reporting, and risk alignment
Security Architecture & Engineering
- Own and evolve the firm’s security architecture and technology stack, including:
- Cloud security (AWS/Azure/GCP, including CSPM/CNAPP)
- Identity & Access Management (IAM), SSO, and Privileged Access Management (PAM)
- SIEM, detection engineering, and logging architecture
- CASB / SaaS security controls
- Data protection (DLP, DSPM, encryption, key management)
- Network security (firewalls, segmentation, zero trust architecture)
- Design and implement secure, scalable, cloud-native architectures
- Evaluate, select, and rationalize security tools and vendors
Cloud & Infrastructure Security
- Define and enforce security standards across:
- Cloud environments (AWS/Azure/GCP)
- Containers and orchestration platforms (e.g., Kubernetes, Docker)
- Infrastructure as Code (Terraform, CloudFormation)
- Implement least privilege access models and zero trust principles
DevSecOps & Secure Development
- Work closely with Engineering and DevOps teams to:
- Embed security into CI/CD pipelines and Infrastructure as Code (IaC)
- Implement secure coding practices and secrets management
- Perform threat modeling and secure design reviews
- Champion DevSecOps principles and shift-left security practices
Automation & Engineering Excellence
- Drive security automation and orchestration (SOAR) to scale operations
- Utilize scripting and programming (e.g., Python, PowerShell, Bash) to:
- Automate workflows
- Integrate tools
- Enhance detection and response capabilities
Define and report on security KPIs and KRIs to the CISO and senior leadership
Qualifications
- 10+ years of experience in information security or security engineering
- Proven experience leading and managing technical security teams
- Strong hands-on expertise across:
- Cloud security (AWS/Azure/GCP)
- Identity and access management (IAM/PAM)
- SIEM and detection engineering
- Network and infrastructure security
- Data protection technologies (DLP, DSPM, encryption)
- Experience working closely with SOC teams and incident response
- Demonstrated ability to partner with engineering and DevOps teams
- CISSP (required)
- Additional certifications preferred:
- CCSP, AWS/Azure Security certifications
- GIAC (e.g., GCIA, GCIH) or equivalent
Key Skills & Attributes
Strong balance of technical depth and leadership capability
Hands-on, pragmatic approach with the ability to dive into details when needed
Experience implementing Zero Trust architectures
Proficiency in scripting/automation (Python, PowerShell, etc.)
Strong understanding of threat detection and adversary tactics
Excellent communication skills with the ability to influence stakeholders at all levels
Experience operating in regulated financial services environments
Strong verbal and written communication skills
Fluent in Portuguese and English
Employees in this role will work fully remote. Every department has different needs, and some positions will be designated in-office jobs, based on their function.
Benefits
iCapital offers a comprehensive benefits package that includes a total compensation program consisting of competitive salary, annual performance bonus, and equity for all full-time employees; healthcare with 100% employer-paid health and dental insurance; and generous paid time off (PTO).
For additional information on iCapital Network, please visit https://www.icapitalnetwork.com/about-us Twitter: @icapitalnetwork | LinkedIn: https://www.linkedin.com/company/icapital-network-inc
