Information Security Engineer

Heaven Hill Brands-posted 3 days ago
Full-time • Mid Level
Onsite • Louisville, KY
1,001-5,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Information Security Engineer is responsible for strengthening and supporting Heaven Hill’s cybersecurity program. This hands-on technical role focuses on implementation, monitoring, and continuous improvement of security controls across cloud and on-premise environments. The Engineer supports governance and risk management efforts and plays a key role in incident response and in deploying and maintaining secure technology solutions. This position will collaborate with IT and business units to ensure Heaven Hill’s data and systems remain resilient against evolving threats, while helping enable secure and efficient access through identity and access management solutions. This role is instrumental in advancing Heaven Hill’s overall security maturity and ensuring that cybersecurity enables, rather than limits, innovation and operational excellence.

  • Design, implement, monitor, and maintain security controls across cloud, identity, endpoint, and network environments.
  • Implement and manage Privileged Access Management (PAM) and Role-Based Access Control (RBAC) programs that align with business needs and support POLP (Principle of Least Privilege).
  • Support and enhance Identity Management solutions, including user provisioning, Single Sign-On (SSO) integrations, and secure application configurations.
  • Support secure configuration and hardening of Windows and Linux servers, as well as Windows and macOS workstations.
  • Manage and maintain DNS and domain registrar configurations to ensure secure and reliable name resolution and domain integrity.
  • Implement, integrate, and manage authentication, including Kerberos, FIDO2, Smart Cards, passkeys, certificate-based authentication, and TLS or key management solutions.
  • Administer and support Public Key Infrastructure (PKI), including certificate issuance, renewal, and lifecycle management.
  • Perform vulnerability scanning and coordinate remediation activities.
  • Administer and optimize core security platforms such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, including alert tuning, integration, and incident response support.
  • Develop and maintain automation or scripting (e.g., PowerShell, Python) to improve efficiency in security monitoring, configuration management, and response processes.
  • Monitor security events, investigate incidents, perform root cause analysis, and drive post-incident improvements.
  • Collaborate with IT and business teams to ensure security considerations are integrated into infrastructure and project planning from the outset.
  • Conduct and document formal risk assessments, identify, evaluate, and communicate risk mitigation strategies.
  • Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with the NIST framework.
  • Partner across the business to build awareness, ensure accountability, and foster a risk-informed culture.
  • Support security aspects of vendor assessments and technology evaluations.
  • Provide security guidance for new initiatives, integrations, and system changes.
  • Contribute to incident response planning, tabletop exercises, and lessons-learned reviews.
  • Develop, maintain, and refine security operations and incident response playbooks to support consistent and effective response activities.
  • Stay informed on emerging threats, technologies, and best practices relevant to manufacturing and spirits production environments.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience along with Information Technology related associate's degree.
  • Minimum 5 years of experience in cybersecurity engineering and/or IT engineering.
  • Strong cloud security experience, including the design input, configuration, and operation of controls in cloud and hybrid environments.
  • Hands-on experience with Microsoft Entra ID (Azure AD), including Conditional Access, identity lifecycle management, and integration within hybrid Active Directory environments.
  • Experience with enterprise email security, endpoint protection, network security, data protection.
  • Experience implementing and managing Microsoft Purview for data protection, governance, and compliance.
  • Experience supporting third-party risk management or vendor assessments.
  • Strong understanding of identity, endpoint, and network security architectures and their integration across enterprise environments.
  • Experience performing root cause analysis during and after security incidents.
  • Experience developing or contributing to security documentation such as policies, standards, or procedures.
  • Strong communication skills across technical and non-technical audiences.
  • Experience in manufacturing or industrial environments.
  • Familiarity with OT/ICS security principles, including network segmentation, asset visibility, and industrial protocol security.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent.
  • Understanding secure application deployment or DevSecOps principles.
  • Paid Vacation
  • 11 Paid Holidays
  • Health, Dental & Vision eligibility from day one
  • FSA/HSA
  • 401K match
  • EAP
  • Maternity/Paternity Leave
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Network Security Engineer Resume Examples
Network Security Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service