Cybersecurity Engineer

Raleigh, North Carolina

At Enact Mortgage Insurance (Nasdaq: ACT), we understand that there is no place like home. That is why we bring our deep expertise, insightful offerings, and extra mile service to work every day to help lenders put more people in homes and keep them there.

We are looking for a Cybersecurity Engineer in Raleigh, NC to join us in fulfilling our mission, while using our values of excellence, improvement, and connection. In this role, you will assume responsibility for enhancing our technical security vulnerability management processes with an emphasis on finding, triaging, coordinating, and addressing code, configuration, and patch related security vulnerabilities within our application delivery pipelines and in production, within cloud and on-premises.

WHY WORK AT ENACT

  • We bring innovative thinking to the situations at hand.

  • We seek out and incorporate diverse views to strengthen our outcomes.

  • We work on challenging and rewarding projects.

  • We offer competitive benefits:

    • Hybrid work schedule (shared in-office days Tuesdays – Thursdays)

    • Generous Time Off

    • 40 Hours of Volunteer Time Off

    • Tuition Reimbursement and Student Loan Repayment

    • Paid Family Leave and Flexible Spending Accounts

    • 401k with up to 5% employer match

    • Fitness and Emotional Wellness Reimbursements

YOUR RESPONSIBILITIES

  • Vulnerability Discovery and Management: Lead the effort to find security vulnerabilities across the organization's assets, including servers, web services, network devices, cloud infrastructure, and SaaS applications. This includes implementing and supporting security scanning tools such as Tenable, Amazon Inspector, SAST, and DAST, and conducting manual penetration tests when necessary.

  • Triage and Prioritization: Evaluate identified vulnerabilities to figure out their nature, urgency, and potential impact. Work with technical and operational teams to categorize and prioritize vulnerabilities based on their refactored risk level, assigning proper response measures from immediate fixes to compensating controls.

  • Technical Remediation: Collaborate with development, operations, and technology teams to address vulnerabilities in code, configurations, patches, and third-party libraries. Ensure proper mitigations are in place, including refactoring code, adjusting configurations, applying patches, or implementing compensating controls.

  • Process Optimization and Reporting: Set up and manage an ongoing vulnerability management process that includes tracking, reporting, and communication mechanisms. Generate regular dashboards, reports, and updates for stakeholders and executives, ensuring compliance with regulatory requirements such as NY DFS, SOX, and SOC 2, and addressing specific customer needs.

  • Continuous Improvement: Drive continuous improvement initiatives to optimize the technical security vulnerability management process. This includes refining the scope of scanning activities, expanding the vulnerability database, and enhancing collaboration with development and infrastructure teams to find and address vulnerabilities earlier in the application and infrastructure delivery process.

Success in the First Year:

  • Success for the Cybersecurity Engineer in the first year will include the establishment of a robust and efficient vulnerability management program that encompasses the full lifecycle from identification to remediation and reporting. This includes effectively integrating security tools and procedures into application delivery pipelines, reducing the time to detect and remediate vulnerabilities. Additionally, the engineer will have developed a comprehensive reporting and communication structure, offering clear insights into the organization's security posture, meeting regulatory requirements, and achieving measurable improvements in reducing vulnerabilities across critical assets.

YOUR QUALIFICATIONS

Required:

  • An undergraduate degree in cybersecurity or equivalent and relevant industry experience.

  • 10+ years in cybersecurity with a strong emphasis on technical security vulnerability management, including penetration testing.

  • Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10.

  • Adept in a data-driven approach for decision-making and a risk-based mindset to prioritize and address security concerns effectively.

  • A clear understanding of the business impact of security and the ability to align security strategies with business goals.

  • Excellent communication and people skills, capable of engaging effectively with various functional areas.

  • Analytical and problem-solving abilities.

Preferred:

  • Strong understanding of AWS and Azure cloud services and experience finding and addressing security vulnerabilities within cloud platforms and workloads.

  • Experience in DevSecOps practices, particularly in automating security testing within CI/CD pipelines and conducting static and dynamic code analyses.

COMPANY

Enact is a leading publicly traded U.S. private mortgage insurance provider, offering borrower-centric products that enable lenders and other partners across the U.S. to help people responsibly achieve and maintain the dream of homeownership.

By empowering customers and their borrowers, Enact seeks to positively impact the lives of those in the communities it serves in a sustainable way. Headquartered in Raleigh, North Carolina, we play an active role in supporting a healthier Triangle community. We also support our colleagues’ philanthropic efforts in their home communities across the U.S.

Enact values all perspectives, characteristics and experiences, and DEI remains at the forefront of what we do. We strive to create an environment where employees can bring their full, authentic selves to work to help each other and their customers.

We are proud to be an equal opportunity employer and all hiring decisions are based on merit, qualifications, and business needs. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.


Tags: APIs Application security AWS Azure CI/CD Cloud Compliance DAST DevSecOps OWASP Pentesting SaaS SAST SOC SOC 2 SOX Vulnerabilities Vulnerability management

Perks/benefits: 401(k) matching Fitness / gym Flex hours Flex vacation Home office stipend Insurance Wellness

Region: North America
Country: United States