Info Security Engineer

UFG Career
Cedar Rapids, IA
6h

About The Position

UFG is currently hiring for an Information Security Engineer who will play a critical role in designing, implementing, and maintaining technical security controls that protect UFG’s systems, data, and infrastructure. This position is responsible for hands-on configuration, monitoring, and support of security technologies, working across cloud and on-prem environments to enforce security standards and ensure regulatory compliance. Operating as a subject matter expert within the Information Security team, the engineer collaborates with architecture, infrastructure, and application teams to embed security into systems and processes. The role supports initiatives ranging from vulnerability management and endpoint protection to identity governance and incident response—helping to ensure the confidentiality, integrity, and availability of enterprise systems.

Requirements

  • Bachelor’s degree in Information Technology, Computer Science, Management Information Systems, or equivalent combination of education and relevant enterprise-level experience.
  • Minimum of five years of combined experience in IT administration with at least three years of direct security experience in conjunction with an IAT Level III certification.
  • Minimum of seven years of combined experience in IT Administration with at least four years of direct security experience in conjunction with an IAT Level II certification.
  • Minimum of eight years of experience in IT with at least five years of direct Security experience.
  • Minimum of two years' experience securing SaaS-based solutions.
  • Working knowledge of PowerShell, Python, or C#.

Nice To Haves

  • Industry-related certifications (such as MCSE, CCNA, CISSP, or any GIAC) preferred.

Responsibilities

  • Security Monitoring and Incident Response: Serves as team subject matter expert in the regular review and analysis of security logs, system alerts, and network traffic to detect, investigate, and mitigate security threats and anomalies.
  • Develop, implement, and refine incident response plans for rapid, effective cybersecurity event management.
  • Create and implement high value detections unique to our enterprise environment.
  • Leads and supports Information Technology team members with risk analysis of identified issues or events and performs investigations to uncover additional facts surrounding the event with limited direction.
  • Review, analyze, triage, and respond to phishing submissions and alerts.
  • Lead risk assessments, vulnerability scans, and remediation efforts across infrastructure and applications.
  • Participate in disaster recovery and business continuity planning and testing.
  • Operates as a senior member of a 24/7 on call team, responding to incidents and leading the team as necessary.
  • Security Administration: Serve as subject matter expert in the administration of critical security and operational tools to ensure system operation and availability including firewalls, vulnerability management, deception technology, SIEM, EDR, SSO, PAM, CASB/SSE, and others as necessary.
  • Provide Level 3 technical support and serve as subject matter expert in troubleshooting security team products.
  • Design, develop, and implement new security solutions and system enhancements to address emerging threats and improve operational efficiency.
  • Monitor, test, and continually improve security practices in place for network, system, applications, and operations management, providing guidance for junior team members in this role.
  • Coordinate and lead vendor relationships regarding security system updates and technical support.
  • Identify opportunities to improve work processes and automate improvements to make them more effective and strengthen security measures.
  • Collaborates with IT and business partners to ensure security is factored into the evaluation, selection, installation, and configuration of hardware, software, and infrastructure.
  • Threat Intelligence, Threat Analysis, and Risk Mitigation: Lead in-depth analysis of cyber threats, including malware, phishing campaigns, and other attack vectors, to identify patterns, indicators of compromise (IOCs), and adversary tactics, techniques, and procedures (TTPs).
  • Aggregate and evaluate threat intelligence from diverse sources such as open-source intelligence tools (OSINT) and commercial feeds to identify relevant and actionable insights for the organization.
  • Collaborate closely with business and IT personnel in a complex information technology environment to support proactive threat identification, risk mitigation, and incident response efforts.
  • Stay current with and remain knowledgeable about new threats.
  • Analyze attacker tactics, techniques, and procedures (TTPs) from security events across our network of security devices and end-user systems.
  • Monitor emerging security threats and identify vulnerabilities in current or proposed systems and processes.
  • Policy Development, Metric Management, and Compliance: Participate in the development and enforcement of IT security policies, standards, procedures, and compliance requirements.
  • Conduct security audits and risk assessments to identify gaps, create unique solutions, and implement essential controls.
  • Create, conduct, and maintain security audits to facilitate SOX compliance in coordination with both internal and external auditors.
  • Create and administer automation or manually input data as necessary to track, communicate, monitor, or improve Information Security team metrics and reports.
  • Identity and Access Management: Guide the development of Identity Access Management standard operating procedures, playbooks, and runbooks.
  • Lead the strategy, standards, processes and technologies for the Identity Access Management Program.
  • Instruct junior team members in the design, implementation, and administration of solutions within the existing architecture, including single sign-on (SSO) and System for Cross-Domain Identity Management (SCIM) configurations for on-prem and SaaS applications, utilizing scripting and automation to create unique solutions when necessary.
  • Collaborate with business and IT teams to identify gaps in and expand coverage of identity access management controls and capabilities.
  • Design and guide application administrators to implement access controls.
  • Lead the design, development and implementation of solutions to successfully integrate new identity management systems with existing architecture.
  • Continuing Education: Monitor information technology industry tools and trends for new technologies and make recommendations on their impact to the organization.
  • Attend regular training events and keep skills sharp in the security industry and with specific UFG products.
  • Maintain awareness of new attack methods and how they intersect with our security stack.
  • Work with the entire team to stay abreast of the current state of information security practices.

Benefits

  • Annual incentive compensation
  • Medical, dental, vision & life insurance
  • Accident, critical illness & short-term disability insurance
  • Retirement plans with employer contributions
  • Generous time-off program
  • Programs designed to support employee well-being and financial security