Sr Information Security Engineer

Under limited supervision, ensures information system security controls are functional and properly implemented. Provide consultation to management and all areas of information technology for proper controls and implementations for information security. Properly prioritize the top threats and identify the significance for management. Coordinates protection of information technology assets against unauthorized access, modification, or destruction. Responsible for determining enterprise information security standards and applying them. Leads and coordinates information technology threat research, analysis, collection, training, and reporting. Responsible for monitoring the work of other team members.

The Senior Information Security Engineer also coordinates the protection of information technology assets, safeguarding them against unauthorized access, modification, or destruction, and is tasked with determining and applying enterprise information security standards across the organization.

Additionally, this role includes responsibility for monitoring, disseminating, and reporting information collected from specialized security platforms such as honeypots (e.g., Attivo) and IoT/OT security solutions (e.g., Armis). The engineer ensures that threat intelligence from these sources is thoroughly analyzed and shared with relevant stakeholders to enhance the organization's overall security posture.

BENEFITS:

Day 1 Benefits available: medical, dental, and vision insurance, FSA/HSA and company-paid life insurance.

Get paid early. Get paid fast.

401(k) with annual company match.

Paid holidays, vacation time, college tuition reimbursement, and more!

ESSENTIAL JOB FUNCTIONS / PRINCIPAL ACCOUNTABILITIES:
Other duties may be assigned. A teammate in this position must have the ability to:

Participate in the design and implementation of security controls throughout the information technology infrastructure, ensuring that security considerations are embedded in all areas of technology operations.

Collaborate with various teams across the IT organization such as help desk, distribution center operators, LAN/WAN administrators, voice and system administrators, and application developers to ensure consistent application of security best practices.

Oversee the deployment, configuration, and ongoing management of deception technologies, such as Attivo Networks. This includes setting up decoy systems, traps, and lures to identify unauthorized activity across the network and to detect potential intrusions.

Continuously monitor alerts and reports generated by deception systems to detect lateral movement, unauthorized access attempts, and insider threats. Collaborate with the incident response team to analyze attack patterns and develop mitigation strategies based on intelligence gathered from these systems.

Monitor the behavior of IoT (Internet of Things) and OT (Operational Technology) devices for anomalies, threats, or unusual activity. Respond promptly to any deviations from normal behavior, investigating and addressing security concerns as needed. Respond to real-time alerts, coordinating with the incident response team to contain and mitigate threats targeting IoT and OT devices. Ensure timely remediation and documentation of incidents.

Provide expert judgment and recommendations to management regarding information security risks and best practices across all areas of IT.

Enable leadership to make informed decisions about risks and threats related to technology systems and their impact on business operations.

Regularly review and analyze system access audit logs to ensure proper authorization controls are in place and detect any suspicious patterns that may indicate intrusion attempts.

Investigate user access issues and provide recommendations for enhancing the design and implementation of security protocols.

Maintain comprehensive documentation of security processes and procedures for use by other members of the security team, ensuring consistency and clarity in the organization's security practices.

Have a basic understanding of various operating systems and database environments, including Z/OS, I/Series, Unix, and Windows, to support logical security and contribute to system-level security decisions.

Participate in on-call rotations for security support during regular working hours and after-hours as needed.

Assist in evaluating candidates for security team positions and other roles within the information systems department.

MINIMUM SKILLS AND QUALIFICATION REQUIREMENTS:

A teammate in this position must:

Bachelor s degree in Information Systems or related field.

5 years of experience working with Security Administration across Mainframe, Unix, and Windows environments.

5 years of experience working with Deception technologies.

5 years of experience working with IoT and OT technologies

CompTIA Security or Equivalent Certification a MUST

CompTIA CySA desired

Excellent interpersonal and communication skills.