
Principal Security Engineer

Job in San Diego, San Diego County, California, 92189, USA
Listing for: ICW Group
Full Time position
Listed on 2026-03-12
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 100,000 - 125,000 USD yearly
Job Description & How to Apply Below

Are you looking to make an impactful difference in your work, yourself, and your community? Why settle for just a job when you can land a career? At ICW Group, we are hiring team members who are ready to use their skills, curiosity, and drive to be part of our journey as we strive to transform the insurance carrier space. We're proud to have been in business for over 50 years, and it's change agents like you who will help us continue to deliver our mission to create the best insurance experience possible.

Headquartered in San Diego with regional offices located throughout the United States, ICW Group has been named for ten consecutive years as a Top 50 performing P&C organization offering the stability of a large, profitable and growing company combined with a focus on all things people. It's our team members who make us an employer of choice and the vibrant company we are today.

We strive to make both our internal and external communities better every day! Learn more about why you want to be here!

PURPOSE OF THE JOB

The Principal Security Engineer owns the prevention, detection, and response lifecycle and leads day-to-day Security Operations (SOC), Incident Response (IR), and Threat Management for the enterprise. The position ensures operational resilience across cloud, on-prem, data platforms, and insurance core systems while reinforcing regulatory compliance and audit readiness. This is a hands-on security leadership role that blends technical depth, people leadership, and operational rigor; the incumbent acts as Incident Commander during high-severity events, partnering with IT Operations, Legal/Privacy, Compliance, and Business Leadership.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Leadership & Governance
  • Lead and develop SOC Analysts, Incident Response Engineers, Threat Hunters, Vulnerability Analysts, and SIEM/SOAR Engineers.
  • Serve as Incident Commander for major security incidents, coordinating response execution, communications, and executive updates.
  • Maintain and continuously improve incident runbooks, escalation matrices, response playbooks, and post‑incident review (PIR) processes.
  • Drive alignment with NIST CSF, MITRE ATT&CK, the NAIC Insurance Data Security Model Law, NYDFS Part 500 (23 NYCRR 500), ISO 27001, and SOC 2 requirements.
  • Report security posture, incident trends, and operational KPIs to senior leadership.
Detection Engineering & Incident Response
  • Own SIEM and SOAR detection strategy and operational execution (Splunk, Microsoft Sentinel, Rapid7 SOAR, Cortex XSOAR).
  • Build, tune, and optimize detections mapped to the MITRE ATT&CK framework.
  • Lead digital forensics and incident response across endpoints, cloud, email, network, SaaS, and data platforms.
  • Conduct proactive threat hunting using intelligence from ISACs, vendors, and internal telemetry sources.
Vulnerability, Exposure & Attack Surface Management
  • Operate and mature the enterprise vulnerability management program (Rapid7, Tenable, Qualys).
  • Manage external attack surface monitoring and shadow IT discovery.
  • Drive risk‑based prioritization, executive‑level reporting, and remediation tracking aligned to business impact.
Identity, Endpoint, Network & Email Security Operations
  • Oversee endpoint and identity security controls (Microsoft Defender, CrowdStrike, Microsoft Entra ID, Okta, Privileged Access Management).
  • Manage email and messaging security platforms (Proofpoint, Mimecast).
  • Partner with Network teams on firewall operations, NDR, and network telemetry (Palo Alto NGFW, Prisma Access).
Cloud, Data & Application Security Telemetry
  • Ensure complete security visibility across AWS and Azure environments.
  • Manage logging, detections, and guardrails for Snowflake, data lakes, container platforms, and core policy and claims systems.
  • Integrate application security and CI/CD signals into SOC monitoring and incident response workflows.
Compliance, Audit & Resilience
  • Ensure evidence handling, documentation, and reporting meet regulatory and audit requirements.
  • Lead and execute incident tabletop exercises tailored to Property & Casualty insurance business scenarios.
  • Support regulatory exams, audits, and internal control assessments.
Automation & Operational Excellence
  • Drive SOAR automation to reduce analyst toil and mean‑time‑to‑respond.
  • St…