Enterprise Information Security Engineer

Church Pension Group Services Corporation, New York, NY
$110,000 - $140,000, Hybrid

About The Position

Church Pension Group (CPG) is a financial services organization that serves the Episcopal Church, located in Midtown Manhattan. CPG was founded in 1917 to provide pension benefits to eligible clergy of the Episcopal Church. Since then, its mission has expanded to include life and disability insurance, health benefits, property & casualty insurance, and publishing.

The Enterprise Information Security Engineer reports to the Enterprise Information Security Officer (EISO) and is responsible for designing secure enterprise solutions and implementing robust security measures to protect Church Pension Group’s (CPG) information assets and employees. The position ensures that security is embedded across all technologies (on-premises, cloud-hosted, software-as-a-service, and other vendor services) while managing operational security tasks, including monitoring, incident response, compliance, and vendor management. To be effective, the Enterprise Information Security Engineer requires strong communication skills and the ability to lead collaboration efforts with other ITS teams and business units.

Requirements

  • Strong knowledge of cybersecurity principles, frameworks, and tools.
  • Experience with a wide range of tools, including IDS, IPS, firewalls, and SIEMs.
  • Deep understanding of Cloud Security and SaaS Vendor Security.
  • Proficiency in risk assessment, incident response, and threat modeling.
  • Excellent communication skills for cross-functional collaboration.
  • 4+ years of relevant Information Security experience.
  • BA/BS in Computer Science, Engineering, or related field preferred. Combination of work and education considered.
  • In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

Nice To Haves

  • Preferred Certifications: CISSP, CISM, CCSP, CISA, multiple topical GIACs.
  • Experience with AWS, Azure M365, Entra ID, Splunk, CrowdStrike, Darktrace, and Tripwire is a plus.

Responsibilities

  • Architect Systems and Solutions
  • Plan and design security solutions that enable identification, protection, detection, response, and recovery from cyber threats.
  • Define and develop security requirements from threat assessments, risk modeling, system analysis, and regulations, leveraging standard security frameworks.
  • Create security integration plans for existing infrastructure and future solutions.
  • Security Operations
  • Implement and manage security technologies (e.g., firewalls, encryption, SIEM, DLP, IPS) directly, collaborate with other teams, and use MSSPs.
  • Monitor networks and systems for security breaches, escalations, and anomalies to ensure optimal security and accurate metrics.
  • Perform vulnerability assessments, penetration testing, and manage these services.
  • Own several of the security tool vendor relationships.
  • Governance and Compliance
  • Develop and maintain security policies, standards, and procedures to ensure a secure environment and compliance with regulatory requirements.
  • Present and manage compliance issues, remediation, and organizational conversations.
  • Prepare action plans to harden systems, respond to security and DR events.
  • Risk Management
  • Identify, evaluate, and report on information security risks.
  • Perform regular risk assessments and recommend mitigation strategies.
  • Education and Awareness
  • Educate staff on cybersecurity best practices and the security program.
  • Acquire or develop training to address identified gaps and remediations.
  • Manage IT compliance and collaborate on corporate compliance measures.
  • Advise business units on secure configurations, vendors, and architectures.
  • Support Leadership
  • Support the EISO in security event management, group collaboration, and planning and budgeting.
  • Maintain and develop both technical and management skills.
  • Effective performance of the essential functions of this position requires regular in-person, on-site interaction with colleagues, both for purposes of relationship building and meaningful collaboration.
  • Other duties may be assigned.

Benefits

  • Flexible Benefits available to eligible employees: Medical (including Vision), Dental
  • Core Benefits automatically provided to eligible employees: Employer funded defined benefit pension plan (five year vesting), Employee Life Insurance, Spouse and Dependent Life Insurance, Accidental Death and Dismemberment (AD&D) Insurance, Short-Term Disability (STD) coverage, Long-Term Disability (LTD) coverage (elected as either pre-tax or after-tax), Business Travel Accident Insurance, Worker’s Compensation, Employee Assistance Program, Retiree health insurance (eligible after 10 years), Retiree life insurance
  • Elective Benefits available to eligible employees: 401(k) with matching contributions (immediate vesting), Flexible Spending Accounts (FSAs), Commuter Benefits, New York’s 529 College Savings Program (NY State residents)
  • Educational Assistance Program available to eligible employees
  • Parental Leave available to eligible employees
  • Time Off available to eligible employees: Vacation, Sick, Personal and Holidays
  • You may also be eligible to participate in a discretionary annual incentive program, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.