Lead Information Security Engineer I

CURRENT ROOT EMPLOYEES - Please apply using the career page in Workday. This career site is for external applicants only.

 

The Opportunity

At Root, we’re revolutionizing the insurance industry by harnessing technology and data to build innovative, customer-centric products. Our Information Security team is essential in managing risk and empowering our engineering and product teams to develop cutting-edge solutions. We’re seeking a Lead Security Engineer who will not only enhance our security posture but also collaborate across departments and lead critical security initiatives in a dynamic, high-growth environment.

In this role, you’ll work to shape strategic initiatives, collaborating seamlessly with engineering, product, and data science teams, and implementing robust measures that keep our innovative solutions secure and resilient at scale.

Root is a “work where it works best” company. This means we will support you working in whatever location that works best for you across the US.

Salary Range: $118,736 - $148,420 (Bonus and LTI Eligible)

How You Will Make an Impact

• Strategic Security Leadership: Set and drive Root’s overarching security vision. Collaborate with engineering, product, and data science teams to translate high-level business goals into tactical security initiatives that safeguard customer and company data.

• Technical Mentorship & Team Enablement: Guide and support security engineers and cross-functional teams through advanced threat modeling, architectural reviews, and secure coding practices. Serve as a go-to expert, elevating security awareness and skill sets across the organization.

• Cross-Functional Alignment: Proactively partner with Product to ensure security is built into project roadmaps from the outset, balancing innovation and delivery timelines with robust risk mitigation strategies.

• Governance, Risk & Compliance: Establish frameworks that align with relevant regulatory and compliance requirements (e.g., SOC 2, PCI-DSS, NIST). Oversee risk assessment processes to help teams prioritize and remediate vulnerabilities.

• Security Architecture & Automation: Architect scalable security solutions that minimize manual processes through automation. Influence design patterns and infrastructure configurations to ensure secure-by-default implementations within AWS and related services.

• Forward-Thinking Program Development: Regularly evaluate and adopt emerging security tools and processes. Craft a long-term roadmap that anticipates threat evolution and positions Root at the forefront of secure product delivery.

What You Will Need to Succeed

• At least five years experience leading strategic security efforts in cloud-centric environments, ideally with AWS, including deep expertise in Cloud IAM, network security, threat detection, and logging/monitoring.

• Experience securing container-based and serverless infrastructure using managed services such as ECS and AWS Lambda.

• Ability to influence cross-functional teams, build strong partnerships, and secure stakeholder support—including executive leaders—for security initiatives.

• Excellent communication skills, with an ability to translate complex security concepts into understandable terms for both technical and non-technical audiences

• Comfortable switching from high-level strategic decisions to hands-on technical tasks, including triaging incidents, reviewing code, or configuring security tools.

• Experience maturing security practices, and embedding improvements and controls into existing product/engineering approaches.

• A passion for staying ahead of evolving threats, security trends, and best practices—translating these insights into actionable improvements for Root’s security posture.

• Proficiency in scripting and automation using programming languages such as Python or Ruby.

• Advanced knowledge of security frameworks (SOC 2, PCI-DSS, NIST, etc.), threat modeling, secure design principles, and the ability to embed these practices within CI/CD pipelines.

• Demonstrated success in developing and guiding security engineers, providing technical leadership while fostering a culture of continuous learning and professional growth.

• Willingness to participate in an on-call rotation to address critical security incidents and ensure timely response.

 

Don’t meet every single requirement?

Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At Root, Inc., we are dedicated to building a diverse and inclusive workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway!

Join us

At Root, we judge people based on the merit of their work, not who they are. If you are passionate about what this role entails and solving real problems, we encourage you to apply. We want to learn about you and what you can add to our team.

Who we are

We’re harnessing the power of technology to revolutionize insurance. Using machine learning and mobile telematic platforms, we’ve built one of the most innovative FinTech companies in the world. And we’re just getting started.

What draws people to Root

Our success is in large part due to our unwavering standards in hiring. We recognize that our products are only as good as the people building and promoting them. We want individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and an analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:

Autonomy—for assertive self-starters, the opportunities to contribute are limitless.

Impact—by challenging the way it’s always been done, we solve problems that have a big impact on our business.

Collaboration—we encourage rich discussion and civil debate at every turn.

People—we are inspired by the collection of crazy-smart people around us.