Senior Enterprise Security Engineer

Company Overview

Westaim and CC Capital have joined forces to strategically transform Westaim from a holding company into a global alternative credit asset manager with a unique, integrated insurance platform, branded as The Westaim Corporation. This partnership supports a long-term vision to deliver innovative, customized financial solutions across alternative credit and insurance, creating scalable growth and meaningful client impact.

Ceres USA Holdings, LLC, part of the insurance platform within The Westaim Corporation strategy, is the parent company of Ceres Life Insurance, a fast-growing, technology-driven annuity carrier startup. Ceres is focused on redefining retirement security by combining modern fintech capabilities, top-tier talent, and strong vendor partnerships to deliver exceptional annuity solutions and digital experiences.

Ceres is deeply committed to a client-centered culture. Through its Digital Contact Center and advisor-facing platforms, the company delivers proactive, personalized, and technology-enabled support that empowers clients and advisors while maintaining the highest standards of trust, security, and regulatory compliance.

About the Role

We are looking for a Senior Enterprise Security Engineer to join the Information Security team and work closely with the Office of the CISO to help secure a modern, cloud-based insurance platform supporting annuity products and financial operations.

This is a hands-on role for someone who enjoys securing enterprise systems, identity platforms, endpoint environments, SaaS applications, and security operations workflows. You will help implement and mature security controls across corporate technology platforms, identity and access systems, endpoint security, security tooling, and incident response processes.

This role is ideal for a very experienced Senior Systems Engineer, Senior Systems Administrator, Network Engineer, Infrastructure Engineer, or Security Engineer who has deep hands-on experience with enterprise platforms and wants to move further into security. The right candidate can learn new platforms quickly, understand how enterprise systems fit together, and translate security requirements into practical configuration changes and operational improvements.

This is not a purely advisory or architecture-only role. You will be expected to plan, configure, implement, document, troubleshoot, and improve security controls in partnership with the Office of the CISO, IT, operations, platform owners, and security partners.

Key Responsibilities

Secure Enterprise Systems and SaaS Platforms

• Implement, manage, and improve security controls across enterprise systems, identity platforms, endpoint environments, and SaaS applications
• Strengthen Microsoft 365 security, identity and access controls, endpoint controls, and SaaS security posture
• Configure and maintain secure settings across business-critical platforms supporting corporate, customer, advisor, and financial operations
• Help evaluate, implement, and mature security tooling that supports enterprise security operations
• Maintain documentation of security configurations, control decisions, and operational procedures

Manage Identity, Access, and Endpoint Security

• Administer and improve identity and access controls aligned with least privilege principles
• Support SSO, conditional access, identity governance, access reviews, and access lifecycle processes
• Help secure endpoint environments using modern endpoint management and endpoint detection and response capabilities
• Support device compliance, endpoint hardening, policy tuning, and remediation of endpoint security findings
• Partner with IT and platform owners to ensure identity, endpoint, and SaaS security changes are implemented safely and consistently

Support Detection, Triage, and Incident Response

• Interface with internal or external Security Operations Center resources to support alert triage, escalation, and tuning
• Participate as a member of the Incident Response Team
• Assist with investigation, evidence collection, containment, remediation, post-incident improvement, and root cause analysis
• Help improve detection capabilities through better alerting, logging, escalation paths, and operational workflows
• Coordinate remediation of enterprise security findings across IT, operations, and platform owners

Strengthen Security Governance and Audit Readiness

• Help prepare the organization for Internal Audit, external audits, regulatory reviews, and control assessments
• Support security control implementation and evidence gathering for frameworks and expectations such as SOC 2, ISO 27001, NAIC, and other relevant standards
• Ensure security work is documented, repeatable, reviewable, and aligned with control requirements
• Follow change management processes and support appropriate review and approval of security configuration changes
• Partner with the Office of the CISO to prioritize enterprise security improvements and reduce operational risk

Provide Practical Enterprise Security Architecture Input

• Provide hands-on security architecture input for enterprise identity, endpoint, SaaS, and corporate technology decisions
• Identify security design gaps and recommend practical, implementable improvements
• Help define secure configuration patterns and operational guardrails for enterprise systems
• Collaborate with stakeholders to ensure security recommendations are realistic, actionable, and aligned with business needs

Required Qualifications

• 7+ years of experience in cybersecurity engineering, systems engineering, infrastructure engineering, network engineering, or a related field
• Strong hands-on experience securing enterprise systems, identity platforms, endpoint environments, or SaaS applications
• Experience with Microsoft 365, identity and access management, SSO, conditional access, endpoint management, or endpoint security
• Hands-on experience with security operations concepts such as alert triage, incident response, EDR/XDR, logging, monitoring, or escalation workflows
• Strong understanding of least privilege, role-based access control, secure configuration, endpoint hardening, and enterprise security operations
• Ability to work directly with IT, operations, platform owners, business teams, and security leadership
• Experience working in regulated environments or environments with formal audit, compliance, or control requirements
• Self-motivated learner who proactively researches emerging technologies, security trends, and evolving threats without waiting for direction
• Ability to learn a new platform and quickly become proficient
• Strong written and verbal communication skills, including the ability to document technical decisions and explain security concepts clearly

Nice-to-Have Qualifications

• Experience supporting financial services, insurance, annuity, fintech, or other regulated environments
• Experience with Microsoft security tools, endpoint detection and response, SaaS security posture management, or identity governance platforms
• Experience coordinating with a Security Operations Center or managed detection and response provider
• Familiarity with frameworks and requirements such as SOC 2, ISO 27001, NAIC, NIST, or similar control frameworks
• Experience participating in incident response activities, tabletop exercises, or post-incident reviews
• Certifications such as CISSP, CISM, Security+, Microsoft security certifications, or other relevant security or infrastructure certifications
• Experience with automation, scripting, reporting, or configuration management to improve repeatability and control maturity

Who This Role Is Ideal For

This role may be a strong fit for someone who has been a senior systems, infrastructure, network, endpoint, or Microsoft 365 engineer and wants to move deeper into security. It is also a fit for a hands-on security engineer who enjoys enterprise platforms, identity, endpoint security, SaaS security, and operational security work.

The ideal candidate enjoys solving practical security problems, learning new platforms quickly, working directly with stakeholders, and turning security priorities into implemented controls.

What This Role Is Not

This is not a pure architect role, a policy-only role, or a governance-only role. It is also not primarily a software engineering, cloud engineering, or DevSecOps role.

This role will provide practical enterprise security architecture input when needed, but the day-to-day expectation is hands-on security engineering, configuration, remediation, documentation, and operational improvement.

Internal Audit and Control-Readiness Expectations

Ceres expects to continue maturing its internal audit and control environment. This role will help ensure enterprise security controls are implemented, documented, monitored, and improved over time.

The Senior Enterprise Security Engineer will help the Office of the CISO prepare for internal audit, external audit, regulatory reviews, and security control assessments by supporting evidence collection, remediation tracking, secure configuration, change management, and control documentation.

Why Join Us?

• Be part of a fast-growing, innovative insurance business dedicated to delivering modern annuity solutions and exceptional advisor and client experiences
• Make a direct impact on the security, resilience, and control maturity of a growing regulated company
• Work closely with the Office of the CISO on meaningful, hands-on security initiatives
• Help shape enterprise security practices while working across modern SaaS, identity, endpoint, and security operations platforms
• Join a collaborative startup environment focused on technology, digital tools, and advisor enablement
• Competitive compensation package with PTO, health benefits, and career growth opportunities