Information Security Engineer

About The Position

Requirements

• Two-year or four-year degree in computer science, information security, technology, or related field; or 3+ years of equivalent experience
• 2+ years of experience in a security operations, site reliability engineering, or other relevant role
• Experience with vulnerability management tools and remediation workflows
• Working knowledge of GCP and/or Azure security services and configurations
• Familiarity with IAM, secrets management, and network security concepts in cloud environments
• Proficiency in shell scripting and Python, TypeScript, Go, or similar programming languages
• Experience with modern DevSecOps practices and technologies (Github, Jira, Confluence)
• Experience operating across cloud-native security and enterprise productivity environments (GCP, Azure, M365)
• Strong analytical and problem-solving skills; high attention to detail
• Ability to communicate and champion security concepts and practices clearly to developers, data engineers, data scientists, and technical and non-technical engineering leadership

Nice To Haves

• Security certifications (CCSP, CEH, GSEC, GCIH, etc.)
• Experience with IaC tools such as Terraform, Ansible, or Puppet
• Hands-on experience with CSPM (Wiz, Lacework, etc.) and SIEM platforms
• Experience with containerization technologies (Kubernetes, Docker)
• Familiarity with DevSecOps practices and software development lifecycle
• Experience securing personal information or other regulated data
• Exposure to security administration of BigQuery, Databricks, or similar data platforms

Responsibilities

• Monitor security tooling and alerts across endpoint, cloud, and network environments; triage and escalate as appropriate
• Perform log analysis and investigation to identify and scope the impact of security incidents
• Support incident response and business continuity plan execution, including tabletop exercises and post-incident reviews
• Support managed detection and response (MDR) partner relationships and act on partner recommendations
• Participate in root cause analyses for security findings; identify contributing factors and implement permanent fixes
• Support the growth and innovation driven by gen AI technologies across the business
• Participate in testing and reviewing new AI vendors and tools
• Research AI security approaches like MCP servers, agent policy/proxy server, etc. and recommend AI security tooling and security design
• Provide support and training for security hygiene in using AI tools, agents, frameworks like spec kit, OWASP Gen AI Security, etc.
• Monitor threat info feeds to monitor and understand the current threat landscape and inform the team to act on
• Operate and monitor vulnerability scanning tools; track and remediate or document exceptions
• Prioritize remediation efforts based on risk scoring and asset criticality
• Coordinate with engineering and IT teams to ensure timely patching and hardening of cloud and endpoint systems
• Support penetration testing engagements: coordinate logistics, track findings, and drive remediation to closure
• Administer and tune security tools including SIEM, vulnerability scanners, EDR, and cloud security posture management (CSPM) platforms
• Build and maintain automation and scripts (Python, Bash, or similar) to streamline security operations and reduce manual toil
• Evaluate and recommend new security tools in partnership with the Head of Information Security

Benefits

• Culture matters and we’ve been recognized as a Top Workplace for ten years running because of it. We demand trust and transparency from each other. We believe in doing the hard and complicated work others put off. We’re open in communication and floor plan. We’re flat – our interns sit next to VPs, our analysts work closely with senior leaders, and our CEO interacts with every single person daily. Put together, these elements help foster an environment where smart people can support each other in performing to their highest potential.
• Ovative is committed to fostering an inclusive environment where everyone can participate and thrive. We do not tolerate discrimination of any kind, including on the basis of race, sexual orientation, gender identity, or gender expression. Our policies reflect this commitment—for example, our medical leave benefits are inclusive of same-sex partners, ensuring equitable care and support for all families.
• We strive to hire and retain the best talent. Paying fair, competitive compensation, with a large bonus incentive, and phenomenal health insurance is an important part of this mix. We’re rewarded fairly and when the company performs well, we all benefit.
• Access to all office spaces in MSP, NYC, and CHI
• Frequent, paid travel to our Minneapolis headquarters for company events, team events, and in-person collaboration with teams
• Generous paid vacation policy
• 401k match program
• Top-notch health insurance options, inclusive of same sex partners
• Family formation benefits including reimbursement options for fertility, pregnancy, and parenting needs
• Monthly stipend for your mobile phone and data plan
• Sabbatical program
• Charitable giving via our time and a financial match program
• Shenanigan’s Day