Principal Information Security Engineer

Who You Are:
You’re a hands-on security expert with deep technical experience in cloud security, threat detection, and security operations. You thrive in an environment where you can build and implement security solutions while leading a small but critical security function. Your expertise in securing cloud environments, managing security tooling, and proactively addressing security threats makes you the right fit to own and drive our security program.
You enjoy solving complex security challenges, automating security processes, and working closely with engineering teams to integrate security into everything we do.
Does this sound like you? If so, apply today and let’s start the conversation!

What You’ll Do:

• Own and drive the security roadmap, ensuring our cloud-based infrastructure is secure, resilient, and scalable.
• Lead and mentor a small security team, driving security best practices and technical growth.
• Design and implement security solutions, including identity & access management, vulnerability management, and threat detection.
• Lead incident detection and response, implementing tooling and automation to improve security operations.
• Work with engineering teams to integrate secure development practices, threat modeling, and security testing into the software lifecycle.
• Maintain and improve SOC2 compliance and security assessments, ensuring practical, risk-based controls.
• Conduct penetration testing and security reviews, identifying and mitigating vulnerabilities in our environment.
• Manage security tooling, including DLP, Authentication, IAM and cloud security platforms.
• Monitor emerging threats and proactively harden infrastructure and applications against evolving attack vectors.
• Own and improve disaster recovery and business continuity plans, ensuring resilience against security threats.

What You Have:

• 7+ years of hands-on security engineering experience, preferably in a SaaS or B2B environment.
• Experience leading and mentoring a security team or operating as the primary security lead in a company.
• Strong cloud security expertise (AWS) and experience with infrastructure-as-code security.
• Deep understanding of threat detection, incident response, and vulnerability management.
• Proficiency in security tooling, including SIEM, EDR, and IAM solutions.
• Ability to write scripts and automation (Python, Terraform, etc.) to improve security posture.
• Strong risk management skills, with a pragmatic approach to balancing security and business needs.
• Familiarity with SOC2, NIST, ISO 27001, and regulatory frameworks (GLBA, CCPA).

Why Join Polly:

• We are attacking a trillion-dollar market with gross inefficiencies and seeking to transform the way an entire industry operates 
• You will have an impact on the design, architecture and implementation of markets that are often called the engine of US economy
• We value drive for excellence, independent thinking, teamwork and curiosity
• You will work with both government backed and industry leading companies to create a digital pipeline that facilitates real time trading of loans
• We have an experienced leadership team that previously built large and impactful platforms 
• Outstanding opportunity for professional growth and upward mobility 
• Direct engagement with the decision makers and senior business leaders 
• Competitive salaries
• 100% paid medical/vision/dental/disability/life insurance 
• Unlimited PTO
• Hybrid environment; 3x weekly in an innovation hub in San Francisco or Dallas

Let’s get to know each other.
Polly is transforming the mortgage industry with its modern, data-driven capital markets ecosystem. Banks, credit unions, and mortgage lenders nationwide trust Polly’s revolutionary Product and Pricing Engine (PPE), Loan Trading Exchange, and actionable data and analytics to automate and optimize the entire capital markets value chain, helping their secondary teams operate faster, smarter, and more profitably. Polly was founded in 2019 by a seasoned team of technology and mortgage experts and is headquartered in San Francisco, California. 
To learn more, follow Polly on LinkedIn or visit www.polly.io.  Polly is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, age, color, national origin, religion, sex, gender identity, sexual orientation, marital status, pregnancy status, disability status, veteran status, or any other legally protected status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Beware of recruitment scams impersonating Polly brand or employees. Our team communicates only through official Polly channels, and we will never ask for sensitive information over text or conduct text-only interviews. If you are ever suspicious or in doubt, reach out to us directly at peopleteam@pollyex.com.  We care deeply about this network and your experience.