AppSec Jobs

Gartner

Lead Security Engineer

Hybrid
Irving, TX | Posted 3 days ago | 116000 USD - 170000 USD

At a Glance

8+ years experience, AWS, Azure, GCP, Python, Java

About This Role

The Lead Security Engineer will be responsible for supporting Gartner's AppSec function. This individual will play an integral role in executing daily vulnerability assessment functions; working closely with Information Security partners and technology stakeholders to identify risks and vulnerabilities and collaborate on remediation; developing and tracking risk and vulnerability remediation and prioritizing effort across various business units; partnering to implement security tools, technologies and controls with an appropriate balance of security, business, and user experience, while providing education and training; and engineering automation solutions and/or security tool integrations to assist with day-to-day AppSec responsibilities.

Responsibilities

  • Collaborate with business stakeholders to design secure applications, test applications for security weaknesses, and partner on remediation of identified issues.
  • Mentor engineers and security champions on practical threat modeling techniques.
  • Triage and prioritize security risks, vulnerabilities, and exceptions in alignment with business impact and risk tolerance.
  • Coordinate the orchestration, automation, and management of security technologies and platforms.
  • Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance.
  • Create reasonable and actionable reports showing direct impact to the security posture.
  • Define and implement meaningful metrics to measure the effectiveness of security controls through KRIs and security scorecards.
  • Serve as a subject matter expert for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with partners and stakeholders.
  • Evaluate business and technical requirements to identify and implement tools, processes, and technologies to improve security posture in environments.
  • Use data to drive prioritization, highlight systemic issues, and influence roadmap decisions.

Requirements

DevSecOps, AWS, Azure, GCP, NIST, Java, Python, JavaScript
  • 6-8 years of experience in a Security Engineering role
  • Proven experience in DevSecOps, Cloud Security, and Application Security
  • Strong independent critical thinking and problem-solving skills
  • Experience using vulnerability scanning technologies, AST platforms, and cloud security tooling
  • Formal experience with threat modeling
  • Experience leading projects, initiatives, and resources through direct and indirect leadership
  • Deep knowledge of assessing and prioritizing risk, with the ability to think like a bad actor
  • Cloud experience (AWS, Azure, GCP)
  • Infrastructure as Code (IaC) and Policy as Code (PaC) Concepts
  • Proven communication, collaboration, and critical thinking skills
  • Ability to build trusting, meaningful relationships with peers, stakeholders, partners and suppliers
  • Ability to define and communicate risk in a business-relevant language to both non-technical and technical audiences
  • Ability to apply expert knowledge to solve complex business/technical issues strategically
  • Desire for life-long learning and continuous personal/professional development
  • Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53
  • Ability to automate tasks and code solutions to repetitive problems
  • Scripting or programming experience (Java, .NET, HTML, Ruby, PHP, Perl, C#, Python, JavaScript, PowerShell, Bash)
  • Experience with penetration testing and web application assessment

Benefits & Perks

Competitive compensation
Limitless growth and learning opportunities
Ongoing mentorship and apprenticeship; Leadership courses, development programs, technical courses, certification opportunities
Collaborative and positive culture with diverse team of professionals
Direct impact on strategy
Flexibility of working from home and energy of collaborating in dynamic offices
20+ PTO days plus holidays and floating holidays in first year
Extensive medical, dental insurance and vision plan
401K with corporate match, immediate vesting
Health-and-wellness-related allowance programs
Parental leave
Tuition reimbursement
Employee Stock Purchase Plan
Employee Assistance Program
Gartner Gives Charity Match

About Gartner

Gartner, Inc. is a prominent global research and advisory firm founded in 1979, with a focus on providing insights and consulting services primarily in information technology (IT). Headquartered in Stamford, Connecticut, Gartner operates over 110 offices in more than 100 countries and employs around 16,000 people. The company reported revenue of $4.25 billion and has a market capitalization of approximately $31.48 billion as of April 2025. Gene Hall has been the CEO since 2004. Gartner's core offerings include research and advisory services, featuring impactful reports and market analysis tools like the Magic Quadrant and Hype Cycle. The firm provides consulting on IT strategy, digital business operations, and emerging technologies. Over the years, Gartner has expanded its focus beyond IT into areas such as digital transformation and cloud computing, positioning itself as a leading provider in market research. Its client base includes businesses in the IT sector and organizations seeking strategic guidance.

Industry

information services

Employees

22,000

1317 engineers

Revenue

$6.5B

Security at Gartner

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Gartner's AppSec philosophy centers on collaboration and mentorship rather than strict gatekeeping.
  • Their stated mission is to "Collaborate with business stakeholders to design secure applications." They emphasize developer enablement by mentoring engineers and security champions on practical threat modeling.
  • Their risk philosophy is to "Triage and prioritize security risks, vulnerabilities, and exceptions in alignment with business impact and risk tolerance."

Security Team

The AppSec team at Gartner includes roles such as Lead Security Engineer and Security Engineer (Purple Team). As of June 2026, there are at least two active job postings for these positions. The team seeks individuals with experience in vulnerability scanning, AST platforms, cloud security tooling, and SIEM/XDR for log analysis. Specific information regarding the total team size, reporting lines, and key public-facing leaders is not publicly available.

Key Initiatives

  • Gartner maintains a Security Champions program, where security leaders mentor engineers on threat modeling.
  • Their 'Shift Left' approach involves triaging CI/CD issues with stakeholders and collaborating during the design phase.
  • The vulnerability management process includes daily assessment functions and the development of tracking systems to prioritize remediation efforts across business units.
  • Formal threat modeling is a standard requirement for high-risk services.
