Lead Information Security Engineer

March 19

Apply Now

Receive Emails with Similar Jobs

Root Inc.

WebsiteLinkedInAll Job Openings

Root Inc. is an innovative car insurance company that utilizes mobile technology to offer personalized insurance rates based on individual driving behavior. The company operates through its app, which collects driving data via smartphone sensors, enabling it to provide more accurate and often cheaper auto insurance quotes for good drivers. Customers can manage their policies, file claims, and even earn rewards through the app, making it a convenient choice for users. Root Inc. emphasizes savings for safe drivers and provides additional features such as roadside assistance. Their services are available in various states across the U. S. , although some limitations apply depending on location.

Car Insurance • Mobile App • Technology • Automotive Telematics • Insurance

1001 - 5000 employees

Founded 2015

💳 Fintech

👥 B2C

📋 Description

• Set and drive Root’s overarching security vision. • Collaborate with engineering, product, and data science teams to translate high-level business goals into tactical security initiatives that safeguard customer and company data. • Guide and support security engineers and cross-functional teams through advanced threat modeling, architectural reviews, and secure coding practices. • Proactively partner with Product to ensure security is built into project roadmaps from the outset, balancing innovation and delivery timelines with robust risk mitigation strategies. • Establish frameworks that align with relevant regulatory and compliance requirements (e.g., SOC 2, PCI-DSS, NIST). • Architect scalable security solutions that minimize manual processes through automation. • Regularly evaluate and adopt emerging security tools and processes.

🎯 Requirements

• At least five years experience leading strategic security efforts in cloud-centric environments, ideally with AWS, including deep expertise in Cloud IAM, network security, threat detection, and logging/monitoring. • Experience securing container-based and serverless infrastructure using managed services such as ECS and AWS Lambda. • Ability to influence cross-functional teams, build strong partnerships, and secure stakeholder support—including executive leaders—for security initiatives. • Excellent communication skills, with an ability to translate complex security concepts into understandable terms for both technical and non-technical audiences. • Comfortable switching from high-level strategic decisions to hands-on technical tasks, including triaging incidents, reviewing code, or configuring security tools. • Experience maturing security practices, and embedding improvements and controls into existing product/engineering approaches. • A passion for staying ahead of evolving threats, security trends, and best practices—translating these insights into actionable improvements for Root’s security posture. • Proficiency in scripting and automation using programming languages such as Python or Ruby. • Advanced knowledge of security frameworks (SOC 2, PCI-DSS, NIST, etc.), threat modeling, secure design principles, and the ability to embed these practices within CI/CD pipelines. • Demonstrated success in developing and guiding security engineers, providing technical leadership while fostering a culture of continuous learning and professional growth. • Willingness to participate in an on-call rotation to address critical security incidents and ensure timely response.