Information Security Specialist

Cytek Biosciences Inc, Fremont, CA

About The Position

We are seeking a hands-on Information Security Specialist to serve as the primary individual contributor responsible for protecting the organization’s digital assets, infrastructure, and data. This role operates within the Global IT team and reports directly to the Head of Global IT, providing expert guidance on security strategy, risk posture, and compliance initiatives. The ideal candidate is equally comfortable responding to a live security incident, rolling out endpoint protection across the fleet, and preparing documentation for an external audit.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience).
  • 3–5+ years of progressive experience in information security or cybersecurity operations.
  • Demonstrated hands-on experience with SIEM platforms, EDR solutions, and vulnerability scanners.
  • Working knowledge of ISO 27001 and/or SOC 2 Type II frameworks and audit processes.
  • Strong understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPN).
  • Excellent written and verbal communication skills; able to translate technical risk into business language.
  • Industry certifications such as CISSP, CISM, CompTIA Security+, or GIAC (e.g., GSEC, GCIH).

Nice To Haves

  • Experience with cloud security in AWS, Azure, or GCP environments.
  • Familiarity with scripting or automation (Python, PowerShell, Bash) for security workflows.
  • Prior experience building or significantly contributing to a compliance program from the ground up.
  • Experience conducting or managing penetration tests and red-team exercises.

Responsibilities

  • Monitor, triage, and respond to security alerts from SIEM, EDR, and cloud-native tools.
  • Lead incident response activities including containment, eradication, root-cause analysis, and post-incident reporting.
  • Maintain and continuously improve the incident response playbook and escalation procedures.
  • Proactively scan accounts, endpoints, and network segments for indicators of compromise and emerging threats.
  • Conduct regular vulnerability assessments and coordinate remediation with system owners.
  • Stay current on threat intelligence feeds and integrate findings into defensive operations.
  • Evaluate, deploy, and manage antivirus, EDR, and other endpoint threat-detection tools across all company devices.
  • Configure and maintain firewalls, VPNs, web proxies, and other perimeter controls.
  • Ensure consistent security baselines across Windows, macOS, and Linux endpoints.
  • Design, deliver, and track semi-annual security awareness training for all employees.
  • Develop supplemental materials such as phishing simulations, quick-reference guides, and policy refreshers.
  • Serve as a go-to resource for security questions from staff at all levels.
  • Evaluate third-party security solutions, SaaS vendors, and cloud service providers against organizational requirements.
  • Conduct vendor risk assessments and maintain an approved-vendor security register.
  • Negotiate security terms and review vendor SOC reports, penetration test results, and certifications.
  • Support the organization’s pursuit and maintenance of ISO 27001 and/or SOC 2 Type II certifications.
  • Draft, review, and maintain information security policies, standards, and procedures.
  • Gather evidence, coordinate with auditors, and remediate findings during internal and external audits.
  • Advise the Head of Global IT on security risks, investments, and strategic priorities.
  • Provide security input on architecture reviews, new technology deployments, and change-management processes.
  • Produce regular security metrics and executive-level reporting.