What are the responsibilities and job description for the Security Control Engineer position at Holistic Partners, Inc?
Job Description
Role: Security Controls Engineer
Location: Irving, Texas, United States
Duration: Full Time
Experience: 6 to 12 years
Key Responsibilities
• Design and develop custom security controls based on threat modelling outputs
• Build:
- Detective controls using Python-based frameworks
- Preventative controls using OPA/Rego policies
• Extend and enhance existing security control frameworks
• Develop and maintain:
- Automated unit tests
- Behavioral (BDD) test cases
• Integrate controls into CI/CD pipelines for continuous validation
• Collaborate with:
- Threat modeling teams
- Cloud architects
- Security SMEs
Required Qualifications
This is a development-heavy role. Candidates must demonstrate strong coding capability.
Security experience is required, but coding proficiency is mandatory.
• Minimum of 3-5 years of experience in DevSecOps engineering with a focus on cloud environments (AWS, GCP, Azure), ideally working within a security program.
• Strong software engineering background - proficiency in software testing methodologies and tools.
• Advanced proficiency in Python - proficiency with Python and Terraform for testing, automation and custom tool development.
• Proficiency with:
- API integrations and backend development
- Writing scalable, maintainable code
• Hands-on experience with:
- Automated testing frameworks (Python)
- CI/CD pipelines
• Experience with cloud-native development and architecture, leveraging services and tools specific to AWS, GCP, and Azure.
• Experience with detection engineering: detection-as-code practices, developing and maintaining detection rules
• Hands-on experience with Open Policy Agency (OPA) for policy enforcement
• Proficiency in DevOps tools and practices
• Experience with SIEM query languages such as Splunk SPL, YARA rules, etc.
• MUST pass Karat Assessment (Python focused).