Sr. Information Security Engineer

If interested, please email Ian Ostberg @iostberg@alexandertg.com with a current resume and upcoming availability.

Sr. Information Security Engineer

Boston, MA (Hybrid - MUST be local to Greater Boston)

This position reports to the Director of Information Security and collaborates closely with the Technology and Risk Management teams. The ideal candidate is passionate about identifying, managing, communicating, and mitigating risks, fostering a risk-focused culture, and promoting effective Information Security practices.

This is a hybrid work environment opportunity located in Boston, MA with a weekly in-office schedule of Tuesdays, Wednesdays, and Thursdays with remote work from home on Mondays and Fridays.

Responsibilities

• Lead security initiatives throughout Software Development Life Cycle (SDLC) by utilizing Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools. Act as a subject matter expert and assist the Technology team in remediating application vulnerabilities.
• Support key security initiatives such as, but not limited to, vulnerability management, application security, access governance, cloud migration (AWS, Azure) etc.
• Assist in implementing information security requirements, including policies, standards, and controls, by collaborating with the Risk Management team.
• Partner with Technology, Internal Audit team and other teams to analyze security controls to ensure that security requirements are implemented for effective security posture.
• Provide support and input for related audits or examinations from internal/external parties and collaborate with relevant stakeholders to ensure findings are appropriately remediated.
• Assist with risk assessments, identify gaps and document action items.
• Prepare data and metrics-based analysis to help proactively monitor and report on risks across the company through use of Key Risk Indicators (‘KRIs’).
  
  

Skills You Bring:

• Bachelor of Science degree in Computer Science, Engineering, Computer Security, or Information Systems.
• 7 years of experience in software development, information security, and cloud environments, with broad working knowledge of information systems and the latest technologies.
• Strong knowledge of vulnerability management and security testing tools, as well as OWASP Top 10 vulnerabilities.
• Experience with frameworks such as CIS, NIST, ISO 27001, and SOC.
• Certifications such as CISSP, CISM, and CEH are preferred but not required.
• Strong interpersonal and communication skills, with the ability to solve problems as they arise.
• Ability to work independently across multiple simultaneous work streams and thrive in a fast-paced, small company culture environment.
  
  

If interested, please email Ian Ostberg @iostberg@alexandertg.com with a current resume and upcoming availability.ATG456

*MONATG*