Principal Security Engineer

About Ethos

Ethos is a leading life insurance technology company on a mission to protect families by democratizing access to life insurance and empowering agents at scale. With its robust three-sided technology platform, Ethos is transforming the life insurance experience for consumers, agents, and carriers alike. Ethos offers instant, accessible products and a seamless online process that requires no medical exams and just a few health questions; it eliminates traditional barriers, making it easier than ever for everyone to protect their families. Ethos is redefining how life insurance is bought, sold, and underwritten.

About the Role

As a Security Architect, your role involves designing, reviewing, and enhancing security frameworks, ensuring alignment with business goals for both existing and new security solutions. You'll be accountable for implementing and upholding technical security measures in line with best practices and organizational needs. Effective collaboration with various teams and stakeholders will be essential to safeguard company assets and data. This role demands both active, hands-on participation and forward-thinking strategy to uphold, shape, and develop security architecture while we expand and evolve.

Duties and Responsibilities:

• Conduct Threat Modeling & Architectural Assessments to cover all Information Security domains to ensure Security by Design


• Assess technologies and solutions to develop and enrich security capabilities


• Identify security gaps and communicate associated business risks to relevant stakeholders


• Craft solutions that harmonize business needs with security and compliance requirements


• Verify the effectiveness of security controls in mitigating identified risks


• Assist engineering projects across the Software Development Life Cycle (SDLC) and collaborate to prioritize product security elements effectively


• Apply expertise in information security and application development to instigate organizational shifts aimed at managing and resolving security weaknesses and vulnerabilities


• Contribute to the creation of security policies, standards, and guidelines


• Devise and implement frameworks for data classification, retention, and disposal to ensure alignment with data privacy regulations


• Spearhead initiatives for data security awareness and training

Qualifications and Skills:

• 15+ years of experience in Information Security with at least 2 years as a Security Architect


• Bachelor’s Degree in Computer Science or related field, or an additional 3 years of pertinent work involvement preferred


• Strong knowledge of prevalent security architectures, frameworks, standards and emerging threats along with strategies and technologies for defense


• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts


• Expertise in cloud computing and its associated best security practices encompassing applications, infrastructure, storage, platforms, and data security


• Ability to conduct threat modeling and risk assessments


• CISSP certification, while not required, is highly preferred

#LI-Hybrid

#LI-SP1

Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.

To learn more about what information we collect and how it may be used, please refer to our California Candidate Privacy Notice.

Recruitment Notice: Please be aware of recruitment scams. All legitimate communication from our team will only come from email addresses ending in @ethos.com or @getethos.com.

We will never ask for payment, banking details, or sensitive personal information during the hiring process. If you are contacted by someone claiming to represent us from a different email address, please treat it as fraudulent.