Summary

The Information Security Engineer is responsible for leading the planning, design, and execution of strategies and technologies aimed at safeguarding the confidentiality, availability, and integrity of CommunityAmerica's information assets. In this capacity, the role involves developing and maintaining security standards and best practices and the recommendation, architecture, and implementation of improvements to existing and new security solutions.

The Information Security Engineer is pivotal in driving organizational change to enhance the organization's security posture and mitigate risks. Responsibilities extend to formulating and maintaining strategies for security breach response and recovery and staying abreast of emerging threats and prevailing trends in information security. To excel in this role, a deep understanding of securing physical and cloud-based environments and computing resources within these environments is required. This includes familiarity with the system development life cycle (SDLC) and expertise in infrastructure as code.

Duties & Responsibilities

• Conduct security assessments, vulnerability assessments, and penetration tests on systems and applications to identify weaknesses and recommend remediation actions.
• Monitor and analyze security alerts, events, and incidents to promptly detect and respond to threats.
• Manage and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems.
• Lead security awareness and training programs for employees and contractors to promote a culture of security awareness.
• Participate in incident response activities, including containment, investigation, and recovery, in the event of a security incident.
• Stay updated with cybersecurity threats, vulnerabilities, and industry best practices to ensure the organization remains secure.
• Ability to provide security guidance for physical, virtual, and code infrastructure.
• Provide vendor due diligence reviews, including SOC2 and vendor risk assessments.
• Drive change to improve the overall security posture.
• Establish solid relationships with other teams and provide advisement as needed.
• Implementation and improvements of a vulnerability and patch management program.
• Ensure the protection of CACU information assets through the technical enforcement of organizational security standards and policies.
• Design and maintain automated workflows to streamline security operations.
• Researches, analyzes and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within CACU.
• Provide evidence and meet with internal and external audit and compliance teams.
• Prepare executive-level reports that document security issues and the extent of the risk realized by them.
• Lead security issue remediation efforts across the enterprise.
• Perform other miscellaneous duties as assigned.

Requirements

Education and Experience Requirements:

Bachelor’s degree

Preferred

Preferably in information security, computer science or other related field, or equivalent combination of education and/or experience form which comparable knowledge, skills and abilities have been achieved.

IT Experience

Required

1 Year

Combined security and IT technical work experience

Required

2 Years

Professional security certification

Preferred

Minimum 1 Certification - CISSP, SANS or other relevant certification

Required Knowledge, Skills and Abilities:

An individual must be able to perform each essential job duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required:

Expert understanding of common information security standards and best practices.

Experience implementing and managing these standard security technologies: centralized log management, vulnerability scanning, intrusion detection\prevention, anti-malware, behavioral analysis, encryption, and authentication and access controls.

Excellent problem-solving and analytical skills with the ability to quickly isolate problems, collect data, establish facts, and draw valid conclusions.

Expertise with cybersecurity frameworks and standards (NIST, ISO, CIS…ect) is a plus.

Experience with enterprise risk assessment methodologies.

Strong problem-solving skills, including developing innovative risk mitigation solutions that address core issues.

Strong understanding of user account management best practices.

Working knowledge of log, network, and system forensic investigation techniques.

Knowledge of security vendors and security product capabilities.