×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Director of Engineering – Security & Compliance Engineering

Job in Augusta, Kennebec County, Maine, 04338, USA
Listing for: Pearson
Full Time position
Listed on 2025-12-25
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
  • Engineering
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 170000 - 195000 USD Yearly USD 170000.00 195000.00 YEAR
Job Description & How to Apply Below

Director of Engineering – Security & Compliance Engineering

Join Pearson as the Director of Engineering for Security & Compliance. In this role you will embed security into the software development lifecycle, partner with engineering teams to drive secure-by-design architecture, and lead the program to reduce risk and harden platforms.

Role Overview

The Director of Security & Compliance Engineering (S&C) is a hands‑on technical leader who embeds security into the SDLC, partnering with engineering to drive secure-by‑design architecture, Dev Sec Ops  automation, and developer enablement. The role leads the PSG‑SC program to reduce risk, harden platforms, and streamline audits through engineering‑first practices and evidence from delivery systems.

Key Responsibilities
  • Architect and institutionalize secure SDLC practices (threat modeling, secure coding, dependency hygiene, automated testing, release gating).
  • Own Dev Sec Ops  integration across CI/CD (SAST/DAST/IAST, secrets scanning, SBOM, container/image hardening, IaC policy checks).
  • Drive shift‑left security through reusable CI/CD templates, policy‑as‑code, and golden paths.
  • Partner with platform/SRE to enforce WAF, API AuthN/AuthZ, mTLS, and runtime protections via guardrails—not gates.
  • Publish “paved road” tool chains, reference architectures, and code libraries with secure defaults.
  • Stand up sandboxed environments (e.g., Git Pod) and secure‑by‑default scaffolds to accelerate teams.
  • Deliver targeted training for engineers (OWASP, secrets, auth, threat modeling) tied to real code and pipelines.
  • Lead SOC 2 Type 2, HECVAT, and institutional reviews using automated evidence from pipelines and platforms.
  • Define OKRs and SLAs for vulnerability remediation, secrets rotation, agent coverage, and audit readiness; publish executive dashboards.
  • Align compliance asks with product/engineering roadmaps; triage by business risk and customer impact.
  • Own vulnerability management (Qualys/Snyk/OSS posture), secrets lifecycle and key rotation, and perimeter/API security.
  • Continuously monitor control health; ensure clear ownership, escalation paths, and exception processes.
  • Improve MTTD/MTTR by integrating detections with engineering telemetry and runbooks.
  • Optimize run costs for security tooling and tests; ensure renewals/SOWs are timely and value‑based.
  • Report posture, compliance status, and maturity trends; drive continuous improvement and transparency.
  • Champion a blameless, learning culture that balances speed and safety.
Qualifications Required
  • 10+ years in software engineering or Dev Sec Ops ; 5+ years leading secure SDLC at scale (cloud‑first; AWS preferred).
  • Expertise in CI/CD automation, SAST/DAST/IAST, SBOM/OSS governance, secrets management, and API/perimeter security.
  • Hands‑on experience integrating controls into developer workflows (policy‑as‑code, pipelines, pre‑commit/pre‑merge checks).
  • Proven delivery of SOC 2 Type 2/HECVAT using automated, system‑of‑record evidence.
  • Executive communication; OKR setting; budget ownership; ability to influence product/engineering/security.
Preferred
  • Certifications:

    CISSP, CISM, CCSP, AWS, or relevant Dev Sec Ops  credentials.
  • Experience in EdTech or regulated SaaS; institution‑facing security reviews.
  • Track record of automating compliance (evidence collection, control verification, reporting).
Compensation

Minimum full‑time salary range: $170,000 – $195,000. This position is eligible to participate in an annual incentive program, and information on benefits offered is here.

Applications will be accepted through until the 31 December 2025. This window may be extended depending on business needs.

Equal Opportunity

Pearson is an Equal Opportunity Employer and a member of E‑Verify. Employment decisions are based on qualifications, merit, and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status, or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing Talent Experie

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search