IT Information Security Engineer

Leaf Home•Hudson, OH

About The Position

At Leaf Home, we are powered by people on a single mission to make homeownership easy. We’ve crafted a team of the very best to ensure we make a difference by winning every day. In addition to serving our customers, Leaf Home strives to build a welcoming and inclusive workplace. We are proud to be a certified Great Place to Work® as well as a multi-year recipient of Top Workplaces recognition. From competitive medical benefits to people-focused committees like the Women’s Committee, Diversity & Inclusion Committee, and VetConnect, we are dedicated to making Leaf Home a workplace where you can win every day. Come grow your career with us. Why Leaf Home We Win – Being driven every day to win is who we are People Powered – Recognized as a top Ohio and U.S. workplace by Great Place to Work®, Energage, and more Family Feel with Enterprise-Level Resources – You are important to us, and we’ve built a culture you’ll love Support – Inclusion, sustainability, and reliability surround everything we do Personal Growth – Dedicated to providing resources and encouragement for employee growth Mobility – Locations throughout the U.S. and Canada, with continued expansion Position Summary The IT Information Security Engineer will be responsible for the development, maintenance and support of LHS Security solutions related to our current and future hardware, software, and network systems. This position will have a strong focus on information security design and implementation. This role is considered a key position within the LHS Information Security Team

Requirements

Bachelor’s Degree preferred, or equivalent combination of education, training, and experience.
Demonstrated experience configuring, tuning, and performing in-depth analysis in Security and Security related tools.
Experience with implementation of policies and procedures for compliance and audits.
Demonstrated experience in a Security Information and Event Management System (SIEM) and an Endpoint Detection and Response (EDR).
Demonstrated operational experience with advanced firewall features, Data Filtering, Application Control, Anti-Virus, and File Blocking.
Demonstrate an understanding of important strategies to gather events, analyze them, and determine if we have a cyber incident.
Demonstrate an understanding of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.
Demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the company after discovering the incident.
Familiar with standard concepts, practices, and procedures supporting multiple branch office/retail locations.
5+ years of experience in project engineering, integrating, and implementing infrastructure technologies & services and related technologies.
5+ years of Network, Infrastructure, or Security administration experience desired.
5+ years of experience with Microsoft technologies including Windows OS and Windows networking.
Knowledgeable in security best practices including IAM, encryption, OpenSSL, SSL certificates, system hardening, etc.
Excellent troubleshooting skills.
Strong attention to detail.
Excellent communication and interpersonal skills including the ability to build consensus and to present complex presentations.
Ability to explain complex technical detail and tradeoffs to non-technical associates.
Proactive attitude and ability to work with minimal supervision.
Ability to juggle various work activities and shift their attention from one task to another to meet the demands of different stakeholders without “dropping the ball”.
Ability to thrive in a fast-paced, high-energy, team-oriented environment and have a “roll up your sleeves” and “today not tomorrow” mentality.
Apply active listening skills through the ability to comprehend information presented and respond thoughtfully.
Detail-oriented and can focus on the task at hand, no matter how minute, by finding the most efficient and effective pathway to completion.
Excellent verbal and written communication skills are required for communicating with internal and external parties in a manner that is both articulate and professional.
Ability to logically connect ideas, scrutinize and evaluate arguments, find inconsistencies and errors in work, solve complex problems, and engage in reflection.
Ability to provide timely and empathetic help through in-person, phone, email, and social media avenues that keeps the co-worker or customer’s needs at the forefront of every interaction.
Ability to communicate effectively, to recognize, understand, and manage one’s own emotions as well as others, and foster positive working relationships across all levels of the organization.
Holding oneself responsible and being self-driven in accomplishing business goals, adhering to policies and being responsible for one’s own actions, performance, and decisions.
Proficiency using Microsoft Office Suite (Outlook, Word, Excel, PowerPoint, Project, and/or Access).
Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).

Nice To Haves

CISSP certification, preferred

Responsibilities

Detailed design and implementation of Information Security work efforts e.g., secure network design, detailed design, and implantation of IAM systems, etc., as well as providing security subject matter expertise to outside IT and business teams.
Monitor the organization’s networks for security breaches and investigate a violation when one occurs.
Install and use software, such as firewalls and data encryption programs, to protect sensitive information.
Conduct penetration testing, to simulate attacks to look for vulnerabilities in systems before they can be exploited.
Develop security standards and best practices for the organization.
Recommend security enhancements to management or senior IT staff.
Providing security design and planning during the design, development, and maintenance of infrastructure environments.
Providing cyber engineering expertise to determine security requirements by evaluating best practices; researching security standards/tools; conducting system security and vulnerability analysis and risk assessments; identify integration issues.
Enhancing current software/security team competence by developing and directing secure application/architecture techniques; recommending improved processes.
Evaluating network and security technologies; developing requirements for local area networks (LANs), and secure interfaces.
Influencing the system requirements and design processes to incorporate the identification of security requirements early in these processes.
Evaluate, respond, and mitigate alerts that originate from the SIEM and the Cyber security product suite, e.g., NGFWs, IDS/IPS, Anti-virus, Web Application, Firewalls, Conditional Access Policies, etc.
Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation.
Performs investigation and data loss prevention, data manipulation, and coordination of activities.
Conducts security assessments and other information security routines consistently.
Investigates and recommends corrective action for data security related to established guidelines.