What are the responsibilities and job description for the Information Security Engineer position at Procom?
Job Summary:
We are seeking an experienced Sr. Information Security Engineer to join our team. This role involves designing and implementing secure solutions across networks, cloud environments, platforms, and applications. The successful candidate will perform thorough assessments to identify and mitigate security risks, threats, and vulnerabilities. Collaborating with various departments, you will develop strategies to strengthen our security posture and foster a culture of cybersecurity awareness.
Job Responsibilities:
- Security Design and Implementation:
  - Collaborate with technical leadership to establish and implement security technologies, standards, and strategies.
  - Design and deploy security solutions for network, cloud, platform, and application environments.
  - Lead the development and execution of security architecture for both on-premises and cloud systems.
- Threat Assessment and Mitigation:
  - Conduct comprehensive threat assessments on applications, hosts, and networks to identify vulnerabilities.
  - Develop action plans to mitigate identified security risks and vulnerabilities.
- Security Operations and Monitoring:
  - Analyze security logs to detect vulnerabilities and suspicious activities.
  - Lead incident response activities, ensuring effective handling and resolution of security incidents.
- Team Collaboration and Mentoring:
  - Mentor and cross-train team members on security best practices and technologies.
  - Collaborate with development teams to ensure secure application design.
- Research and Compliance:
  - Stay updated on emerging security threats, vulnerabilities, and exploits.
  - Work with external partners for security penetration testing and assessments.
  - Periodically test and evaluate security controls to ensure compliance with policies and standards.
- Documentation and Reporting:
  - Create detailed security documentation, including network security diagrams.
  - Report on security incidents, assessments, and compliance evaluations.
  - Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders.
- Strategic Planning and Support:
  - Think strategically to evaluate short-term and long-term security options.
  - Manage multiple work streams and prioritize tasks effectively.
  - Provide after-hours configuration changes and on-call support as needed.
Required Job Qualifications:
- 5 years’ experience in enterprise Information Security roles.
- Bachelor’s degree in Computer Science, Information Systems, or a related field, or equivalent work experience.
- A strong understanding of computer networking concepts, protocols, network security, security engineering, and architecture concepts.
- Strong understanding of Cryptography, Authentication, Authorization, Secrets Management, Data Security, Web Technologies, and Cloud Security.
- Experience implementing and managing security solutions such as EDR/XDR, IAM/PAM, web proxies, SIEM, and SOAR.
- Experience with incident response and root cause analysis.
- Proficiency in Security Operations, Cyber Security engineering, and endpoint protection domains.
- Solid experience with Windows, macOS, and Linux operating systems, including virtualization, containers, and cloud technologies.
- Ability to lead security engineering projects and effectively communicate with business partners.
- Relevant certifications such as Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or similar certifications are preferred.
- Expert knowledge of Python and PowerShell and familiarity with other programming languages.
- Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating complex data sets.
- Ability to identify trends, insights, and relationships between internal and external data and intelligence sources to make risk mitigation recommendations.
- Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
- Strong analytical and problem-solving skills, with attention to detail.
- Ability to work under pressure and respond effectively to incidents in a fast-paced environment.
- Be available to be on call.
Preferred Job Qualifications:
- Broad knowledge and experience across the information security domain, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence.
- Cloud Security certification.