Senior Information Security Engineer, SSO

Job Title

Senior Information Security Engineer, SSO

Requisition Number

R1900 Senior Information Security Engineer, SSO (Open)


Glendale, Arizona

Additional Locations

Job Information

Develops security controls, defenses and countermeasures to ensure least-privilege access or to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Develops, maintains and publishes corporate information security standards, procedures and guidelines for enterprise computing platforms.

Specialist level competent to work in all phases of assignments. Incumbents work with a high level of independence. Provide technical expertise to associates and other functional areas. Responsible for all project management and related activities for assignments of diverse scope and complexity.

Responds to security incidents according to the computer security incident response policy. Provides guidance to first responders for handling information security incidents. Coordinates efforts among multiple business units during response efforts. Provides timely and relevant updates to appropriate stakeholders and decision makers. Limited to moderate direction.

Provides investigation findings to relevant business units to help improve information security posture.

Validates and maintains incident response plans and processes to address potential threats.

Designs, revises and enhances metrics to increase effectiveness. Compiles and analyzes data for management reporting and metrics.

Monitors information security related websites/newsgroups/etc. to stay up to date on current attacks and trends. Analyzes potential impact of new threats and communicates risks to relevant business units.

Researches, designs, and implements information security solutions for organization systems and products that comply with all applicable security policies and standards.

Interfaces with management from user communities to understand their security needs. Develops and implements information security solutions for critical elements of the business. Contributes to enterprise wide security architecture and solutions.

Develops, tests, debugs and deploys code, scripts and processing routines that support security protocols for secure system integration as needed.

For employees focused on identity access management engineering:

Develops strategies and oversees implementation and updates of Identity and Access Management technologies.

Assists in the review and update of information security policies, architecture, and standards

Performs engineering for points of integration between IAM technologies and other systems. Provides installation and integration guidance to the system development staff. Documents developed solutions.

Communicates security risks and solutions to business partners and IT staff as needed.

Provides support to the business and IT staff for security related issues.

Provide internal security consulting for complex application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.

Provides tier-3 support for incident resolution

For Employees focused on identity and access management analysis:

Evaluates business Identity and Access Management requirements for enterprise business application integration or service activation.

Plans, organizes and leads requirements sessions and analyzes business requirements for system access (role mining/role engineering). Prepares stakeholders for their roles in participating in these sessions.

Ensures that frequent organizational changes impacting user access needs are correctly translated to AM processes and automation.

Coordinates periodic user access certification with business process or data owners.

For employees focused on cyber threat, prevention, detection and response:

Researches attempted or successful efforts to compromise systems security and designs countermeasures.

Analyzes and makes recommendations to improve network, system, and application architectures

Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.

Examines network, server, and application logs to determine trends and identify security incidents

Validates and maintains incident response plans and processes to address potential threats or outages.

Creates and maintains logical security reporting that facilitates logical security monitoring. This include examining network, server, and application logs to determine trends and identify security incidents.

Leads response to audits, penetration tests and vulnerability assessments.


Knowledge of security issues, techniques and implications across all existing computer platforms.

Expertise in account management, password auditing, network based and Web application based vulnerability scanning, virus management and intrusion detection.

Technical expertise in systems administration and security tools, combined with the knowledge of security practices and procedures.

Able to work with a changing schedule that includes standard or non-standard business hours of work.


Advanced skill set and knowledge of access management technologies such as: Ping Federate, Ping and Microsoft directories and CyberArk


Bachelor's or equivalent experience in Computer Science, Information Systems, or other related field.

8+ years of relevant experience


Information Security Industry certifications

  • LI-BA1

B.S. - Computer and Information Science, Certified Information System Security Professional - ISC2

Meet Some of CSAA Insurance Group's Employees

Jose C.

Business Consultant

Jose is in charge of understanding every disruption that takes place in the industry, then formulating a plan to continue helping clients succeed in spite of those issues.

Barbara C.

Disaster Recovery Specialist

Barbara focuses on preparing both tools to combat cyber attacks from hackers and backup and recovery programs that can be applied in the event of a large-scale technology disaster.

Back to top