Information Security Engineer

POSITION SUMMARY:

The Information Security Engineer is responsible for designing, implementing, administering, and improving technical security controls that protect the organization’s systems, users, data, and infrastructure. This role works closely with Information Security, IT, infrastructure, cloud, and application teams to strengthen the organization’s security posture through secure design, control implementation, continuous monitoring, vulnerability remediation, and operational support.

The Information Security Engineer supports the ongoing maturity of the Information Security Program by helping translate security requirements into practical technical solutions, maintaining core security technologies, and contributing to incident response, risk reduction, and audit readiness activities.

ROLES & RESPONSIBILITIES:

• Responsibilities of this role include, but may not be limited to, the following:
• Design, implement, administer, and maintain technical security controls across endpoint, network, identity, cloud, and infrastructure environments.
• Support the configuration, administration, and optimization of security technologies, including endpoint protection, email security, firewalls, VPN, logging, monitoring, vulnerability management, and related platforms.
• Monitor security events, alerts, and control health to identify issues, investigate suspicious activity, and support response and containment efforts.
• Partner with IT and infrastructure teams to implement secure configurations, system hardening measures, and technical safeguards aligned with organizational security standards.
• Perform technical security assessments, configuration reviews, and vulnerability analysis to identify control gaps and improvement opportunities.
• Support vulnerability remediation by validating findings, helping prioritize risk, and coordinating with system owners on corrective actions.
• Review penetration testing and security assessment results and help drive remediation planning and closure tracking.
• Assist with security incident response activities, including investigation, containment support, documentation, and follow-up actions.
• Contribute to the development, maintenance, and continuous improvement of security standards, technical baselines, procedures, and engineering documentation.
• Support identity and access security efforts, including authentication controls, privileged access protections, and least-privilege design principles.
• Collaborate with cloud, infrastructure, workplace, and application teams to integrate security requirements into operational and technical processes.
• Support audit and compliance activities by helping provide technical evidence, validating control operation, and addressing control gaps where needed.
• Work with vendors and external partners to support the secure implementation and operation of security technologies and services.
• Stay current on evolving threats, attack techniques, vulnerabilities, and security technologies, and recommend improvements as appropriate.
• Perform other duties as assigned.

KNOWLEDGE, SKILLS & ATTRIBUTES:

• Strong knowledge of information security principles, practices, and technical safeguards.
• Working knowledge of security technologies such as firewalls, endpoint protection, vulnerability management tools, VPN solutions, email security platforms, logging and monitoring tools, identity and access controls, and encryption technologies.
• Ability to analyze alerts, logs, events, and technical findings to identify potential threats, control gaps, or remediation needs.
• Strong understanding of secure configuration, system hardening, least privilege, defense in depth, and risk reduction concepts.
• Ability to assess vulnerabilities and security weaknesses and support practical remediation efforts.
• Strong troubleshooting, analytical, and problem-solving skills with attention to detail.
• Strong written and verbal communication skills, with the ability to work effectively across technical and non-technical teams.
• Strong interpersonal skills and the ability to collaborate with internal stakeholders, external partners, vendors, auditors, and assessors.
• Strong organizational and time management skills, with the ability to manage multiple priorities and follow tasks through completion.
• Ability to adapt to evolving threats, technologies, and business requirements in a fast-paced environment

QUALIFICATIONS

Experience

• Five or more years of experience in information security, cybersecurity, infrastructure security, or a related technical field.
• Experience implementing, administering, or supporting enterprise security technologies and controls.
• Experience with security monitoring, vulnerability management, endpoint security, secure configuration, incident response support, or related security operations and engineering functions.
• Experience partnering with IT, infrastructure, cloud, or platform teams to implement or improve security controls in production environments.
• Experience supporting audits, assessments, control validation, or remediation activities is beneficial

Education / certifications:

• Bachelor’s degree in Computer Science, Information Technology, Information Security, Cybersecurity, or a related field is preferred.
• Relevant certifications such as CompTIA Security+, SSCP, GIAC, Microsoft security certifications, or Azure security certifications are beneficial.

Credentials:

• Demonstrates professionalism, sound judgment, and accountability in the handling of security matters.
• Maintains a high degree of integrity and discretion when working with sensitive systems, information, and incidents.
• Able to work independently while also contributing effectively within a team environment.
• Demonstrates a proactive mindset, technical curiosity, and a commitment to continuous improvement.
• Ability to travel up to 5%.