Information Security Engineer

Keyfactor, Inc.•Independence, OH

14h•Remote

About The Position

The Information Security Engineer is responsible for executing and advancing the organization’s security operations, risk management practices, and compliance programs. This role focuses on strengthening security controls, leading incident response activities, managing vulnerability remediation efforts, and ensuring sustained compliance with frameworks such as ISO 27001:2022 and SOC 2 Type II. The role operates with increased independence, drives improvements to security tooling and processes, and partners cross-functionally to embed secure practices into infrastructure and engineering workflows. Work at this level includes ownership of defined security domains and contributing to the ongoing maturity of the organization’s overall security posture. Applicants must be legally authorized to work in the United States.

Requirements

5+ years of experience in information security or a similar role
Proficiency in vulnerability scanning tools (Nessus, Burpsuite, Tenable, etc…) and interpreting scan results for remediation.
Strong knowledge of security standards
Demonstrated experience in continuous monitoring, network security, firewalls, VPNs, IDS/IPS, and endpoint protection.
Strong analytical skills and a meticulous approach to problem-solving
Demonstrated capability to deliver results on-time and to a defined schedule.
Familiarity with cloud security principles
Experience with security automation and continuous monitoring tools
Knowledge of scripting languages (Python, PowerShell) to automate security processes

Nice To Haves

Relevant certifications (e.g., CISSP, CompTIA Security+, CAP) are strongly preferred
PKI knowledge a plus
Experience in STIG configuration & implementation, and best practices for implementing these in various environments preferred
Expertise in Government related InfoSec compliance frameworks such as NIST 800-53, NIST 800-171 preferred
Experience with government-regulated environments (AWS GovCloud, Azure Government) preferred

Responsibilities

Experience conducting vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burpsuite, etc…) to support a proactive security posture.
Manage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirements.
Collaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practices.
Actively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actions.
Provide expert guidance on security matters to support secure development and operations.

Benefits

Second Fridays (a company-wide day off on the second Friday of every month minus November and December due to the Holiday schedule). Please note that this benefit is subject to change.
Comprehensive benefit coverage globally.
Generous paid parental leave globally.
Competitive time off globally.
Dedicated employee-focused ambassadors via Key Contributors & Culture Committees.
DIVERSE Commitment, a call to action for a more inclusive and diverse future in business, society, and technology.
The Keyfactor Alliance Program to support DEIB efforts.
Wellbeing resources, wellness allowance, mindfulness app free membership, Wellness Wednesdays.
Global Volunteer Day, company non-profit matching, and 3 volunteer days off.
Monthly Talent development and Cross Functional meetings to support professional development.
Regular All Hands meetings – followed by group gatherings.