Principal Security Engineer

Are you looking to make an impactful difference in your work, yourself, and your community? Why settle for just a job when you can land a career? At ICW Group, we are hiring team members who are ready to use their skills, curiosity, and drive to be part of our journey as we strive to transform the insurance carrier space. We're proud to be in business for over 50 years, and its change agents like yourself that will help us continue to deliver our mission to create the best insurance experience possible.
Headquartered in San Diego with regional offices located throughout the United States, ICW Group has been named for ten consecutive years as a Top 50 performing P&C organization offering the stability of a large, profitable and growing company combined with a focus on all things people. It's our team members who make us an employer of choice and the vibrant company we are today. We strive to make both our internal and external communities better everyday! Learn more about why you want to be here!
PURPOSE OF THE JOB
This Principal Security Engineer owns the prevention–detection–response lifecycle and leads day‑to‑day Security Operations (SOC), Incident Response (IR), and Threat Management for the enterprise. The position ensures operational resilience across cloud, on‑prem, data platforms, and insurance core systems while reinforcing regulatory compliance and audit readiness. This role is a hands‑on security leader who blends technical depth, people leadership, and operational rigor, and acts as the Incident Commander during high‑severity events, partnering with IT Operations, Legal/Privacy, Compliance, and Business Leadership.
Essential Duties And Responsibilities
Leadership & Governance

Lead and develop SOC Analysts, Incident Response Engineers, Threat Hunters, Vulnerability Analysts, and SIEM/SOAR Engineers.
Serve as Incident Commander for major security incidents, coordinating response execution, communications, and executive updates.
Maintain and continuously improve incident runbooks, escalation matrices, response playbooks, and post‑incident review (PIR) processes.
Drive alignment with NIST CSF, MITRE ATT&CK, NAIC Model Law, NYDFS 500, ISO 27001, and SOC 2 requirements.
Report security posture, incident trends, and operational KPIs to senior leadership.
Detection Engineering & Incident Response

Own SIEM and SOAR detection strategy and operational execution (Splunk, Microsoft Sentinel, Rapid7 SOAR, Cortex XSOAR).
Build, tune, and optimize detections mapped to the MITRE ATT&CK framework.
Lead digital forensics and incident response across endpoints, cloud, email, network, SaaS, and data platforms.
Conduct proactive threat hunting using intelligence from ISACs, vendors, and internal telemetry sources.
Vulnerability, Exposure & Attack Surface Management

Operate and mature the enterprise vulnerability management program (Rapid7, Tenable, Qualys).
Manage external attack surface monitoring and shadow IT discovery.
Drive risk‑based prioritization, executive‑level reporting, and remediation tracking aligned to business impact.
Identity, Endpoint, Network & Email Security Operations

Oversee endpoint and identity security controls (Microsoft Defender, CrowdStrike, Entra ID, Okta, Privileged Access Management).
Manage email and messaging security platforms (Proofpoint, Mimecast).
Partner with Network teams on firewall operations, NDR, and network telemetry (Palo Alto NGFW, Prisma Access).
Cloud, Data & Application Security Telemetry

Ensure complete security visibility across AWS and Azure environments.
Manage logging, detections, and guardrails for Snowflake, data lakes, container platforms, and core policy and claims systems.
Integrate application security and CI/CD signals into SOC monitoring and incident response workflows.
Compliance, Audit & Resilience

Ensure evidence handling, documentation, and reporting meet regulatory and audit requirements.
Lead and execute incident tabletop exercises tailored to Property & Casualty insurance business scenarios.
Support regulatory exams, audits, and internal control assessments.
Automation & Operational Excellence

Drive SOAR automation to reduce analyst toil and mean‑time‑to‑respond.
Standardize logging requirements, security data models, and detection‑as‑code practices.
Continuously improve SOC efficiency, resilience, and service quality.
Partnership & Information Security Strategy

Participate in a committee that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.
Recognize the trade-offs required to manage the different levels of information security risk tolerance and risk exposure across the organization and balance this with risk investments.
Report security performance against established security metrics and service level agreements.
Understand “voice of the customer” and develop mechanisms to proactively sense adoption and usage patterns of consumer technologies by end-users so that policy can align with need.
Evaluate documented resolutions and analyze trends for ways to prevent future problems.
Cultivate, disseminate, and enforce policies, standards, and procedures.
Develop and implement long-term goals and objectives to achieve the successful outcome of the team.
Training, Policies & Awareness Programs.

Enhance the information security awareness program to customize communication tools and campaigns for each business unit and integrated services group.
Develop and recommend information security policies and procedures by evaluating organization outcomes, identifying problems, evaluating trends, and anticipating requirements.
Develop, conduct, support, or assist in governmental reviews, internal corporate evaluations, or assessments of the overall effectiveness of Security program. Develop procedures to evaluate organizational Security and General IT controls.
Lead security training and communicate policies. Lead by promoting a culture of collaboration, continuous improvement, quality and accountability.
Develop evaluation framework to assess the strengths of the team and to identify areas for improvement.
Supervisory Responsibilities
Directly supervises employees within the IS team and carries out supervisory responsibilities in accordance with company policies and applicable laws. These responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; conducting performance and salary reviews; rewarding and disciplining employees; addressing complaints and resolving problems; coaching, mentoring, and developing team members to further their skills and knowledge; creating and monitoring development plans; setting performance expectations/goals; forecasting staffing needs and planning for peak times and absences; enforcing department policies and procedures.
Required Qualifications

Bachelor’s Degree in Computer Science, IT, or similar field required.
Minimum 10+ years of cybersecurity experience, including 6+ years in Security Operations and Incident Response.
Minimum 3+ years leading technical security teams.
Deep expertise in SIEM and SOAR engineering.
Strong hands‑on incident response background, including forensics, containment, and executive communications.
Proven experience in vulnerability management and threat hunting.
Cloud security experience in AWS and Azure.
Understanding of Property & Casualty insurance platforms and regulatory obligations.
Preferred Qualifications – Ai‑driven Security Operations

Experience using large language models for alert triage, automated summarization, and signal classification.
Hands‑on or leadership experience with behavioral AI and NDR platforms (e.g., Darktrace).
Use of machine‑learning‑driven detection techniques such as UEBA, anomaly scoring, and clustering.
AI‑assisted detection engineering, including threat‑intelligence pattern extraction and rule or code generation.
Establishing AI governance and safe‑use patterns, including prompt controls, data redaction, and hallucination mitigation.
Integrating Snowflake data pipelines with ML engines for predictive risk scoring and incident correlation.
Applying AI to vulnerability triage, exploit likelihood prediction, and remediation pattern identification.
Preferred Certifications

GIAC (GCIA, GCFA, GCTI, GREM), CISSP, CCSP
AWS or Azure Security Specialty
Machine Learning or AI engineering exposure strongly preferred
Skills & Tools
Security Analytics & Operations

SIEM / SOAR: Splunk, Microsoft Sentinel, Rapid7 SOAR, Cortex XSOAR
EDR / XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto Cortex XDR
NDR / AI Security: Darktrace (preferred), Zeek, Suricata
Cloud, Data & Network

Cloud Security: AWS GuardDuty, AWS Security Hub, Azure Defender
Data Platforms: Snowflake, Event Hubs, Data Lakes
Network: Palo Alto Networks firewalls, Prisma Access
Data Protection & Messaging

DSPM / DLP: BigID, Purview, Symantec
Email Security: Proofpoint, Mimecast
Physical Requirements
While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently will sit, stand, walk, and bend during working hours. Requires manual and finger dexterity and eye-hand coordination. Required to lift and carry relatively light materials. Requires normal or corrected vision and hearing corrected to a normal range.
WORK ENVIRONMENT
This position operates in an office environment and requires the frequent use of a computer, telephone, copier, and other standard office equipment.
We are currently not offering employment sponsorship for this opportunity.
The current range for this position is
$139,874.00 - $250,377.40
This range is exclusive of fringe benefits and potential bonuses. If hired at ICW Group, your final base salary compensation will be determined by factors unique to each candidate, including experience, education and the location of the role and considers employees performing substantially similar work.
WHY JOIN ICW GROUP?

Challenging work and the ability to make a difference
You will have a voice and feel a sense of belonging
We offer a competitive benefits package, with generous medical, dental, and vision plans as well as 401K retirement plans and company match
Bonus potential for all positions
Paid Time Off
Paid holidays throughout the calendar year
Want to continue learning? We’ll support you 100%
ICW Group is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. ICW Group will not discriminate against an applicant or employee on the basis of race, color, religion, national origin, ancestry, sex/gender, age, physical or mental disability, military or veteran status, genetic information, sexual orientation, gender identity, gender expression, marital status, or any other characteristic protected by applicable federal, state or local law.
At ICW Group we offer a work environment that encourages entrepreneurialism and celebrates success. Our team members are hands-on contributors who are given the opportunity to make an impact. It's our people who make us an employer of choice and the vibrant company we are today.
Job Category: IT
Job Type: Full time
Req ID: JR101176