Dear Hiring Manager,
Security only works when the secure path is also the convenient one, so I spend less time saying no and more time building guardrails people do not have to think about. At Meridian Bank I rolled out a secrets management programme that closed a class of leaks for good without slowing a single team down. Reducing real risk without becoming the team that blocks shipping is what I would bring to you.
A security engineer is judged on risk reduced, not policies written, and that shapes how I work. I threat model new systems with the engineers who build them so the findings land early and cheaply, I push for secure defaults in shared libraries and pipelines, and I prioritise ruthlessly by likelihood and impact rather than chasing every theoretical issue. I aim to make the right thing the easy thing across the whole engineering organisation.
At Meridian Bank I led the move from hardcoded credentials to a centralised secrets vault with short lived tokens and automated rotation. The programme removed credentials from 140 repositories, eliminated a recurring source of audit findings, and cut the mean time to revoke a compromised key from days to under a minute. I paired it with developer tooling so adopting the secure pattern was the default, not a chore.
Your job description mentions building out application security as the team scales, which is the work I find most rewarding. I would welcome a conversation about how I would prioritise the first ninety days for the greatest risk reduction. Could we find a time to talk?
Yours sincerely, Isabella Renton