Information Security Engineer

LiquidPower Specialty Products Inc. (LSPI) is the global leader in the science of drag reduction. In 2014 LSPI was acquired by Berkshire Hathaway, having previously been a wholly owned subsidiary of Phillips 66. LSPI provides flow improver solutions, delivering strategic value to its customers by maximizing the flow potential of pipelines while increasing their operational flexibility, capacity and economic performance. LSPI works with companies in more than 35 countries to solve pipeline flow needs, treating more than 12 million barrels of hydrocarbon liquids a day and providing customers with a total package solution that includes flow improver products and the right injection equipment. LSPI leading brands are LiquidPower™, ExtremePower® and RefinedPower™. 

LSPI consistently recruits the best and brightest.  Put your valuable skills to work and join us! 

Summary:

As the Information Security Engineer, you will be responsible for designing, building, implementing, and maintaining secure systems and networks. You will work closely with cross-functional IT & third-party teams, to ensure that systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access and other security risks. Responsible for identifying vulnerabilities and potential threats, conducting risk assessments, and developing and implementing security solutions to mitigate risks. You will also be involved in incident response, security monitoring, and security policy development.

Responsibilities:

• Design, build, implement, and maintain secure systems and networks, including servers, routers, switches, firewalls, intrusion detection/prevention systems, and other security devices.
• Perform vulnerability assessments, penetration testing, and risk assessments to identify and prioritize potential security risks and vulnerabilities.
• Develop and implement security measures, policies, and procedures to protect systems and networks against unauthorized access, data breaches, and other security incidents.
• Monitor and analyze security logs, events, and respond to security incidents in a timely manner.
• Conduct security audits and assessments to ensure compliance with applicable regulations, industry best practices, and organizational security policies.
• Collaborate with cross-functional and third-party teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Provide technical expertise and guidance to the IT Infrastructure and Applications teams to ensure that security controls are effectively implemented and maintained.
• Stay updated on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.
• Participate in incident response activities, including investigation, containment, and recovery efforts, as needed.
• Provide training and awareness programs to educate employees and users about security best practices and procedures.
• Other duties as assigned by the Director, IT Information Security & Infrastructure.

Skills & Competencies:

• Strong knowledge of security principles, best practices, and industry standards, such as NIST & ISO 27001, and other relevant critical security controls.
• Strong understanding of networking concepts and protocols, such as TCP/IP, VLANs, VPNs, and routing/switching.
• Familiarity with security-related regulations, such as GDPR, CCPA, AI & DORA.
• Excellent analytical, problem-solving, and troubleshooting skills.
• Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
• Ability to travel to other LSPI locations, up to 20% travel. 

Education & Experience:

• Bachelor’s degree in computer science, cybersecurity, or information technology.
• Minimum of 7 years of experience in Information Security engineering, or network security.
• Hands-on experience with security technologies, such as firewalls, IDS/IPS, SIEM, DLP/CASB, AV/EDR/XDR, and Vulnerability scanning tools.
• Experience with risk assessment, penetration testing, and incident response methodologies.

Preferred Education & Experience:

• Relevant professional certifications, such as CISSP, CCSP, CISM, or other security certifications preferred.