Information Security Engineer

National Futures Association, Chicago, IL
$117,300 - $204,000

About The Position

When you join NFA as an Information Security Engineer, you'll play a critical role in protecting the organization's infrastructure, systems and data through proactive security engineering and operational excellence. Bring your analytical and innovative mindset to help strengthen NFA's security posture by advancing detection capabilities, implementing modern security frameworks and supporting a resilient and secure environment. Beginning your first day and throughout your career at NFA, you will work alongside a collaborative team to identify risks, implement security controls and support initiatives focused on infrastructure hardening, zero trust architecture, and data security. This role is ideal for a security professional who enjoys solving complex challenges and staying ahead of emerging threats. The engineer will partner with platform owners, IT operations, cloud teams, and other stakeholders to deploy and validate controls, engineer detections, and ensure resilient, auditable security baselines across the enterprise.

Requirements

  • 5+ years in security engineering or closely related roles (cyber defense infrastructure, detection engineering, vulnerability management, incident response support).
  • Proficiency in scripting/automation (e.g., Python, PowerShell, Bash) and infrastructure‑as‑code; experience integrating security controls into CI/CD and operational workflows.
  • Demonstrated detection engineering capability (authoring detection logic/playbooks, ATT&CK‑mapped use cases, false‑positive reduction) across heterogeneous telemetry sources.
  • Solid understanding of Zero Trust, SASE/SSE, identity threat detection/response, and data protection/DLP concepts.
  • Familiarity with AI/ML fundamentals and adversarial threat taxonomy (prompt injection, poisoning, evasion, inference attacks).

Nice To Haves

  • Experience with one or more of the following tools and ecosystems: Microsoft Sentinel (SIEM/SOAR), Microsoft Defender XDR, Intune, Purview (DLP/Insider Risk), Entra ID/Active Directory (hybrid), Azure security services/policies, and Palo Alto Prisma (SASE: ZTNA, SWG, CASB).
  • Detection rule authoring languages and query frameworks (KQL, Sigma, SPL); familiarity with SOAR playbooks and API integrations.
  • Industry certifications: SC‑200, AZ‑500, SC‑100, SC‑400, MD‑102, MS‑102; PCNSA/PCNSE; GIAC (GCTI, GCFA, GMON); AI/Responsible AI training aligned to NIST AI RMF, OWASP Top 10 for LLM Applications, or ISO/IEC 42001.

Responsibilities

  • Engineer, deploy, and maintain security telemetry pipelines (SIEM/SOAR, EDR/XDR, NDR, IDS/IPS); continuously tune for signal fidelity and performance.
  • Normalize and correlate endpoint, identity, network, and cloud logs to support high‑confidence detections and investigations.
  • Establish secure configuration baselines for operating systems, endpoints, servers, containers, Kubernetes clusters, and network devices; validate with configuration compliance tooling.
  • Integrate baseline compliance into CI/CD and change management processes.
  • Design and implement detection logic/use cases mapped to adversary TTPs (e.g., MITRE ATT&CK); author high‑signal rules/playbooks and iteratively reduce false positives.
  • Support incident response by engineering containment and eradication steps (segmentation, identity controls, endpoint isolation, patching, hardening) and feed lessons learned back into controls.
  • Implement guardrails (policy‑as‑code), preventive/detective controls (CSPM/CNAPP), and cloud‑native logging across accounts/subscriptions/projects.
  • Enforce least privilege for service principals/managed identities and automate secrets management; secure workloads, containers, and CI/CD supply chains (signing, SBOM, provenance).
  • Design and enforce conditional access, strong MFA, just‑in‑time/just‑enough‑admin, and privileged access workflows; integrate identity signals into detections and automated response.
  • Implement identity threat detection and response (ITDR) for risky sign‑ins, token misuse, delegated access abuse, and automated remediation.
  • Establish data classification/tagging; deploy endpoint, email, and cloud DLP controls and drive detections for exfiltration and over‑permissioned data stores.
  • Implement encryption at rest/in transit with lifecycle key management; validate secure egress/ingress controls.
  • Design and tune SASE/SSE policies to protect SaaS usage and remote access; integrate device posture and identity signals; validate policy efficacy via attack simulations.
  • Build resilience in security components: infrastructure‑as‑code drift detection, control health monitoring, backup/restore testing, and evidence automation for audits; embed security in CI/CD pipelines.
  • Develop AI‑specific incident response playbooks; integrate AI threat intelligence into hunting and detection workflows; align practices with leading guidance (e.g., NIST AI RMF, OWASP Top 10 for LLMs, ISO/IEC 42001).

Benefits

  • What We Offer | National Futures Association