Director of Security and Infrastructure
Fully Remote Remote Worker - N/A Engineering
Description

The Director of Security & Infrastructure is a hands-on technical leadership role responsible for maintaining a robust security posture and reliable infrastructure operations across Highway's technology platform. This role owns the security of our application, AWS environment, and endpoints while ensuring the performance, scalability, and availability of our infrastructure. You'll work closely with the VP of Engineering and senior engineering team to embed security into development practices and maintain operational excellence. This is not a pure policy or compliance role - we need someone who can architect solutions, configure tools, and respond to incidents while also building frameworks and processes that scale with our growth. 

Requirements

  

Security Architecture & Operations (60%) 

* Design and implement security controls across our application, AWS infrastructure, and endpoints 

* Conduct security assessments and penetration testing (or coordinate with external partners) 

* Monitor security tools and respond to alerts, incidents, and potential threats 

* Define and enforce security policies for code, infrastructure, and data access

* Manage security tooling (SIEM, vulnerability scanning, endpoint protection, etc.) 

* Lead incident response efforts when security events occur 

* Educate engineering and business teams on security best practices 

* Evaluate and manage relationships with security vendors and consultants 

 
 

Infrastructure Operations (30%) 

* Ensure high availability and performance of AWS infrastructure 

* Implement monitoring and alerting for system health and performance 

* Own disaster recovery and business continuity planning 

* Optimize infrastructure costs without compromising reliability or security 

* Collaborate with engineering on infrastructure scaling and architecture decisions 

* Manage infrastructure-as-code practices and configuration management 

 
 

Strategic Oversight (10%) 

* Develop and maintain security roadmap aligned with business objectives 

* Report on security posture and infrastructure health to CTO and executive team 

* Stay current on emerging threats, technologies, and industry best practices 

* Partner with engineering leadership on technical strategy and vendor selection 

 
 

What Success Looks Like In ...


90 Days: 

* Completed security audit of current state (application, AWS, endpoints) 

* Established security monitoring and alerting baselines 

* Implemented quick-win security improvements

* Built relationships with engineering team and understood current infrastructure 

 
 

6 Months:

* Deployed key security tools and processes (vulnerability management, incident response)

* Reduced security and infrastructure incidents through proactive monitoring 

* Created documentation for security policies and infrastructure architecture

* Identified and begun addressing top 3-5 infrastructure risks

 
 

12 Months:

* Embedded security practices into development workflow (security reviews, automated scanning) 

* Achieved measurable improvement in security posture

* Optimized infrastructure costs by 15-20% while improving reliability 

* Built scalable security and infrastructure frameworks that support company growth 

 
 

Required Qualifications 

* 5-7+ years in security engineering, infrastructure operations, or similar technical roles

* Hands-on AWS experience - you should be comfortable configuring security groups, IAM policies, CloudWatch, and other AWS services 

* Security expertise across application security, network security, and endpoint protection 

* Infrastructure operations background - you've managed production systems and understand reliability, monitoring, and incident response 

* Proven ability to balance security with business needs - you know when to say "no" and when to find pragmatic solutions 

* Strong communication skills - you can explain technical security concepts to non-technical stakeholders 

* Self-directed and comfortable with ambiguity - you can prioritize and execute without constant direction 

 
 

Preferred Qualifications 

* Experience in SaaS or financial services environments 

* Relevant certifications (CISSP, AWS Security Specialty, CEH, OSCP)

* Familiarity with security frameworks (NIST, OWASP) 

* Experience with infrastructure-as-code (Terraform, CloudFormation) 

* Background in DevSecOps practices 

* Experience preparing for or maintaining security certifications (SOC 2, ISO 27001) 

* Mortgage or fintech industry background 

* Prior experience at a company in the 50-150 employee range 

Salary Description
140,000 - 160,000