Info Security Sr Engineer I

About The Position

Requirements

• Associate's or Bachelor's degree with a preference in a science, technology, engineering, or math related field or equivalent work experience (6 years of experience equates to an Associate's degree when defining "equivalent work experience")
• 6+ years of information security experience
• 1+ years of System Administration experience
• Experience implementing, managing or governing security technologies, including vulnerability scanning tools (i.e. Qualys, Nessus, Nexpose, Wiz, Orca, AppOmni, etc.).

Nice To Haves

• Preference for Nexpose and Wiz
• Experience with Terraform or other Infrastructure as Code tools
• Proficiency with GitHub, as well as Continuous Integration/Continuous Deployment (CI/CD) Processes

Responsibilities

• Analyze and audit assets against Security Control standards.
• Provide recommendations and conduct testing of remediations for Security Control gaps.
• Develop Information Security procedures for Vulnerability Management and deployment of Security Controls
• Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop mitigation/remediation orders
• Compile monthly, quarterly, and annual vulnerability metrics associated with affected and non-compliant assets
• Perform special security projects on an ad-hoc basis.
• Collaborate with cloud teams to implement security controls using Infrastructure as Code (IaC) tools like Terraform
• Support configuration management efforts to ensure consistent and secure system states across environments

Benefits

• Flexible Time Off (FTO) is provided to salaried (exempt) employees and provides the opportunity to take time away from the office with pay for vacation, personal or short-term illness. Employees don't accrue a bank of time off under FTO and there is no set number of days provided.
• Pension Eligible