Information Security Engineer

 Job Summary

The Information Security team defends the company’s digital infrastructure by designing, implementing, and improving the company’s cybersecurity architecture. This is a critical role responsible for protecting infrastructure, cloud, edge devices, and data against unauthorized use, modification, exfiltration, or damage. This role identifies threats, manages projects and engineers solutions that impact the entire company. An ideal candidate for this role is technical, dedicated to learning new things, security-minded, strong initiative, and able to manage projects autonomously.

Responsibilities

Engineer security solutions without oversight and collaborate with multiple departments;
Analyze security systems and seek improvements on a continuous basis;
Research vulnerabilities, perform vulnerability scanning, and mitigate threats;
Develop security best practices and policies for the organization;
Document new processes, cross-train coworkers, and assist employees on security-related matters;
Provide security awareness training and testing for employees to verify proper security protocols are being followed;
Staying current with cybersecurity knowledge by participating in educational opportunities, reading professional publications, and participating in professional organizations;
Performing cyber security incident response, and remediation activities; and
Facilitate access reviews of company data and revoke inappropriate/overprovisioned access in order to drive least privilege access.

Qualifications

Require at least a bachelor’s degree preferably in Information Technology;
Require a minimum of at least 2 years of experience in implementing Information Security solutions;
Understanding of security best practices and how to implement them at a business-wide level;
Experience with managing, configuring, and deploying enterprise-grade security solutions in some of the following:
SIEM
Privileged Access Management/Identity Access Management/Multifactor Authentication
Endpoint Detection & Response
Network Access Control
Cloud based architecture such as Azure/AWS
Active Directory
Soft skills including excellent communication skills, critical thinking skills with the ability to solve problems as they arise, and ability to prioritize projects; and
Basic scripting skills, such as PowerShell/Python scripting.

Nice to have:

Experience with vulnerability assessment tools such as Nessus and Tenable;
Experience with enterprise web proxy solutions, web filters, and VPN;
Experience with email security solutions;
Experience with firewall and network architecture;
Experience with administrating Windows environment including GPO and servers;
Previous employment or experience in a highly regulated industry such as healthcare, financial, or defense experience with standards such as ISO, NIST, HIPAA, GDPR, SOC Type 2, etc; and
Auditing and policy-writing experience.