Security Engineer

What We Are Looking For:

Durham, NC. This role is critical in safeguarding our organization's information, infrastructure, and assets by continuously designing, implementing, and maintaining security systems to detect and respond to threats.

The Security Engineer will work closely with engineers, analysts, developers, and architects across the company to design secure systems, investigate potential threats, and enforce security policies. They will be responsible for developing and optimizing security tools, conducting vulnerability assessments, analyzing logs, and supporting incident response efforts. Additionally, this role plays a key part in ensuring compliance with industry standards and regulations, including the Gramm-Leach-Bliley Act (GLBA).

Reporting directly to the Director of Cybersecurity, this position provides an opportunity to contribute to a strong security posture, helping protect both corporate and client data while gaining hands-on experience in threat detection, security automation, and continuous monitoring.

What You Will Do:

• Design, implement, and maintain security systems to protect infrastructure, applications, and networks from threats, ensuring compliance with the Gramm-Leach-Bliley Act (GLBA) and other security policies.
• Collaborate with engineers, analysts, developers and architects across departments to design secure solutions and assess security risks.
• Develop and optimize security monitoring tools, including SIEMs, endpoint detection and response (EDR), data loss prevention (DLP), code scanning tools, and vulnerability management solutions to enhance threat detection capabilities.
• Lead security automation and process improvements to reduce manual effort and improve efficiency in monitoring, analysis, and reporting.
• Conduct security assessments and risk analyses for new software, features, and infrastructure, identifying vulnerabilities and recommending mitigation strategies.
• Perform regular security monitoring and vulnerability scanning, supporting penetration testing efforts to proactively identify and address security gaps.
• Support incident detection and response efforts, investigating security alerts and working with other team members to analyze threats, contain incidents, and prevent future occurrences.
• Document security events, policies, procedures, and configurations, ensuring information is readily available for audits and regulatory compliance.
• Educate and assist employees and teams in following security best practices and complying with organizational policies.
• Stay informed on emerging threats, vulnerabilities, and cybersecurity technologies, proactively recommending improvements to strengthen the organization's security posture.
• Lead Application Security Program processes, ensuring secure development practices and integration of security measures throughout the software development lifecycle.
• Implement and advocate for DevSecOps principles, promoting collaboration between development, security, and operations teams to build secure and resilient systems.

What We Require:

Education & Experience:

• Bachelor's degree or higher in computer science, information technology, information security, software development, or a related field.
• Minimum of 3 years of experience in cybersecurity engineering, network security, application security, or a similar role, ideally within a regulated industry (e.g., finance, healthcare).

Technical Skills:

• Proficiency with security tools and technologies, including SIEMs, vulnerability scanners, DLP (Data Loss Prevention), code scanners, and EDR (Endpoint Detection and Response) tools.
• Hands-on experience with threat modeling, penetration testing, and vulnerability assessment techniques.
• Familiarity with scripting and automation (e.g., Python, Bash, PowerShell) to streamline security processes and reduce manual intervention.
• Understanding of networking and information technology fundamentals, cloud security practices, and DevSecOps principles.
• Strong knowledge of security frameworks, controls, and compliance requirements, with specific experience in Gramm-Leach-Bliley Act (GLBA) compliance.

Analytical & Problem-Solving Skills:

• Demonstrated ability to assess, identify, and mitigate security risks across complex infrastructures and applications.
• Strong analytical and problem-solving skills, with a proactive approach to identifying potential security threats and areas for improvement.

Interpersonal & Communication Skills:

• Excellent verbal and written communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders.
• Proven ability to collaborate effectively with cross-functional teams, including engineers, analysts, developers, and architects, and to work independently when needed.
• You like to get “STUFF” done and enjoy working in a fast-paced environment.

Certifications (Preferred):

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP).

Other Requirements:

• Strong attention to detail, with the ability to document processes and maintain records.
• Ability to stay current with the latest security trends, vulnerabilities, and industry regulations.