The Information Security Engineer is responsible for implementing, maintaining, monitoring, and managing secure solutions. This role ensures that these solutions align with the organization’s architectural designs, best practices, and regulatory or compliance requirements. As risks evolve, the Information Security Engineer recommends modifications and enhancements to keep the organization ahead of the threat landscape. The Information Security Engineer reports to the Director of Information Security and contributes to the corporate security strategy alongside security leadership and other senior security technologists.

Key Responsibilities:

• Implement, monitor, and provide operational support for hardware, software, customer applications, managed solutions, and service provider relationships.
• Lead and actively participate in security team meetings to facilitate secure design.
• Engage in information security projects to evaluate and enhance existing security infrastructure, delivering projects on time, within budget, and in accordance with SLAs.
• Assist with incident response and system stability issues, including after-hours involvement as needed.
• Implement solutions in compliance with HIPAA, GLBA, PCI, SOX, and privacy laws.
• Collaborate with architects, SOC, incident responders, and technology infrastructure and development teams.
• Respond to and manage service and escalation tickets within SLA expectations.
• Develop security test plans from architectural designs, identify deficiencies, and make enhancements to ensure production stability.
• Participate in change project and change management meetings.
• Research, validate, and deploy solutions that meet security and business needs.
• Follow security engineering fundamentals and processes as outlined in standard frameworks.
• Influence the planning and execution of incident response and postmortem exercises, focusing on measurable benchmarks.
• Drive security efficiencies, enabling team members to focus on advanced tasks.
• Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted.

Qualifications:

• Bachelor’s degree in Computer Science, Information Assurance, MIS, or related field, or equivalent experience.
• Certifications such as CISSP, CISM, and/or SANS are a plus.
• At least 7+ years of experience in cybersecurity, including compliance and risk management with a system and network security engineering background.
• Highly technical and analytical expertise, with a proven deep background (preferred 5+ years’ ITS experience in addition to cybersecurity) in technology design, implementation, and delivery.
• Experience with purple teaming (red and blue) to train, identify, and remediate issues cohesively.
• Proficiency with the Rapid7 platform, including InsightIDR, InsightVM, InsightCloudSec, InsightAppSec, and InsightConnect.
• Experience in cloud computing technologies, including SaaS, IaaS, PaaS, and public, private, and hybrid environments.
• Extensive knowledge of traditional and modern security controls and technologies, such as SIEM systems, IDS/IPS, PKI, IDAM systems, antivirus, firewalls, EDR, threat intelligence platforms, security automation and orchestration, deception technologies, and application controls.
• Skilled in vulnerability and penetration testing.
• Excellent communication skills to articulate business risks from cybersecurity issues.
• Experience managing SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, FIM, DLP, and other network and system monitoring tools.
• Proven track record of integrity, pride in work, curiosity, adaptability, and effective communication.
• Experience with AWS or Microsoft Azure / M365 Purview.
• Proficiency in scripting languages such as Python, JavaScript, PowerShell, PHP, or Ruby.
• DevSecOps background with experience in compliance obligations.
• Familiarity with standards and regulations such as ISO 27001, NIST, PCI DSS, HIPAA, HITECH Act, SOX, GDPR, CIS standards, or SOC 2.
• Ability to think strategically and tactically, with effective decision-making skills.