InfoSec Engineer II, Security Tools and Development

Job description

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.

When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the microphone and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that’s work worth doing.

InfoSec Engineer II, Security Tools and Development - CDMX

Why We Have This Role

Qualtrics has grown exponentially and that growth means constantly evaluating how we secure systems, identifying potential threats, and implementing the tooling necessary that will help us maintain a strong security posture at scale. We are looking for an experienced engineer to join our security development team who can own technical initiatives, work with others across the organization, analyze systems, and implement technical solutions that improve our ability to identify, stop, and respond to potential threats. A key focus of this role will be strengthening our identity and access management capabilities across our cloud infrastructure and engineering platforms.

How You’ll Find Success

• You want to lean in and help the organization be secure without slowing people down.
• Stopping the bad guys is what it’s all about for you.
• You are as comfortable on the command line as you are in a GUI, if not more so.
• Experimenting with existing tools or building new ones to help secure our infrastructure makes everyday exciting for you.
• You can independently design and implement complex security solutions.
• You enjoy mentoring others and sharing your expertise across teams.
• You’re passionate about identity and access management, understanding that proper authentication and authorization are the foundation of security.

How You’ll Grow

• At Qualtrics, your experience as a Security Development Engineer will equip you with advanced practical skills essential for the security landscape. You’ll become an expert in Identity and Access Management (IAM), mastering complex authentication and authorization flows that protect our data at scale. This includes deep experience with cloud IAM, federated identity, and zero-trust access models.
• As you work on vulnerability scanning and management, you’ll manage efforts to identify security vulnerabilities and deploy essential security tools that strengthen our defenses. You’ll also improve your automation skills by creating self-service tools that enable engineering teams to prioritize security without slowing down their processes.
• Leading collaboration with cross-functional teams will provide insights into integrating security measures across different product lines. You’ll gain hands-on experience with technologies such as Python, Docker, EKS, and AWS, enhancing your ability to automate processes and improve incident response.
• In addition, you’ll leverage AI and analytics to optimize threat detection and enhance overall efficiency. Navigating regulatory compliance requirements will deepen your understanding of security audits and industry standards.
• Through this role, you will build both your technical and soft skills, including problem-solving and teamwork, preparing you for a successful career in cybersecurity or software engineering. At Qualtrics, every challenge presents an opportunity to grow and enhance our security posture.

What We’re Looking For On Your Resume

• You will have a degree in computer science or similar degree with demonstrated expertise in security.
• 3-5 years of progressive experience in information security or security engineering
• Strong proficiency with modern programming languages such as Python, and extensive experience using technologies like Docker, AWS, or Kubernetes to build and strengthen security solutions.
• Professional experience demonstrating deep familiarity with security engineering principles and their application in vulnerability scanning and identity and access management (IAM).
• Hands-on experience with identity providers (e.g., Okta, Azure AD, AWS SSO) and implementing role-based access controls (RBAC) in enterprise environments.
• Hands-on experience with compliance standards or regulatory requirements, showcasing advanced understanding of best practices in cybersecurity.
• Experience mentoring junior engineers and managing difficult technical initiatives.

Things You’ll Do

• Take on the design and deployment of security tooling, ensuring seamless handoff to operational teams.
• Design and build sophisticated self-service tools to empower engineers to own the security of their products.
• Enable platform integrations to automate processes and improve our incident response.
• Drive collaboration with diverse teams to foster a security-first culture and accelerate secure product development.
• Design and implement custom vulnerability scanning tooling to identify vulnerabilities and guide Engineering teams with remediation.
• Manage compliance scanning and work towards meeting our compliance obligations for audits and regulatory standards.
• Build and enhance centralized identity and access management tools to streamline user provisioning, de-provisioning, access controls, and compliance across engineering teams.
• Identify and implement new technologies and processes to improve security such as secure browser, device trust, or data loss prevention tooling.
• Perform analysis of anomalies using log management solutions (e.g. splunk, sumo logic, elastic, OSSEC).
• Strategically leverage AI to improve our security processes and identify optimizations, enhancing overall efficiency and effectiveness.
• Mentor junior team members and provide technical guidance on complex security challenges.
• Maintain and manage password management infrastructure and multi-factor authentication systems for the Engineering organization.
• Build and maintain comprehensive AWS identity and access management frameworks, including IAM policies, SSO integration, and automated access reviews to ensure secure, compliant, and scalable cloud access controls.

Some technologies we use to accomplish our goals - Python!!!, Linux, Kubernetes, AWS, Docker, Puppet/Hiera, and Bash. We use metrics and log search systems such as Splunk for visibility and alerting.

What You Should Know About This Team

• Small agile team that has immediate impact on development of tools
• Team members are encouraged to own their projects and take calculated risks to improve security
• We are a security-focused team that values collaboration and encourages every team member to actively participate in improving our security measures.
• Senior team members are expected to mentor others and drive technical excellence.
• We work across teams to ensure security is embedded into all our operations and products
• Our team is committed to your personal and professional development, offering regular feedback and mentorship opportunities to help you advance your career in cybersecurity

Our Team’s Favourite Perks and Benefits

• Work life integration is deeply important to us - we have frequent office events, team outings, and happy hours.
• We take pride in our office designs aiming at cultivating creativity, from our rooftop views to an open and collaborative work space.
• On top of standard benefits packages (medical, dental, vision, life insurance, etc) we provide snacks, drinks, and free lunches in our offices.
• We believe in sharing Qualtrics success which is part of the compensation for all employees.

The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.

Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.

​​​​​​​ Applicants in the United States of America have rights under Federal Employment Laws: Family & Medical Leave Act , Equal Opportunity Employment , Employee Polygraph Protection Act

Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.

Not finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You’ll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.