COCC · 9 hours ago
Sr. Risk Engineer
COCC is an industry-leading fintech provider delivering innovative technology solutions. The Senior Risk Engineer will play a critical role in shaping and enforcing the organization's security posture, focusing on designing policies, ensuring compliance, and leveraging security tools to strengthen vulnerability management and overall defense strategies.
Responsibilities
Create, refine, and enforce security standards and procedures across the organization
Monitor and validate adherence to regulatory frameworks, industry standards, and internal policies. Identify control weaknesses, regulatory compliance issues, and potential areas of risk
Utilize security tools to identify, assess, and assist in the remediation of vulnerabilities across infrastructure and software applications
Partner with IT, security engineering, software development, and business units to embed security into processes and projects from the start
Evaluate emerging threats, analyze system risks, and recommend mitigation strategies for addressing those risks to the organization. Research evolving security threats, tools, and best practices to help proactively strengthen defenses
Participate in the regulatory review process/standard, including generating reports, executing third-party security reviews, and working with Internal Audit
Perform system reviews for network devices, web applications, and modern operating systems, ensuring compliance with CIS
Work without supervision and use advanced knowledge to make judgment calls where necessary
Coach, mentor, and guide junior engineers and analysts on a highly collaborative team
Qualification
Required
A bachelor's degree (IT/IS preferred), or equivalent hands-on experience
5–7 years in information security, risk engineering, or related field(s)
Industry-recognized security certifications such as SecurityX, GSEC, or CISSP
Hands-on experience with vulnerability management tools (e.g., Qualys, Tenable, Rapid7), SIEM platforms, and compliance frameworks (NIST, SOC 2). General knowledge of FFIEC guidelines and regulations a plus
Strong understanding of regulatory requirements and security governance
Ability to assess complex systems, identify risks, and propose actionable solutions
Clear and effective communicator with the ability to influence stakeholders and present findings to peers as well as leadership
Scripting and automation capability in Python, Perl, or PowerShell. Ansible, Terraform, or n8n experience a plus
General knowledge of route/switch functionality, network security, and operating systems such as Windows, Linux, and macOS
Experience working in Cloud as well as Container environments
Familiarity with CI/CD security controls and container compliance
Benefits
Hybrid schedules and ample paid time off allowing you work/life balance and flexibility
Customized training and onboarding to support you in your first year at COCC
Robust employee development programs aligned with career pathing objectives
Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets
Generous PTO offerings, benefits and competitive compensation
On-site fitness centers, wellness incentives, and lifestyle spending accounts
Tuition Reimbursement
One-on-one career coaching
DEIB initiatives championing inclusion and encouraging you to bring your whole self to work
Financial planning assistance with certified professionals
Peer recognition programs
Company
COCC
COCC is an information technology company that offers technology services from core processing to business process management.
Funding
Current Stage
Late Stage
Total Funding
$121.98M
2025-05-07 · Series Unknown · $13.88M
2023-05-08 · Series Unknown · $9.15M
2021-06-04 · Series Unknown · $9.58M
Recent News
Hartford Business Journal
2025-07-17
SEC
2025-05-19
Company data provided by Crunchbase