IT Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; or 3–5 years of hands‑on experience in a dedicated IT Security or Cybersecurity role.
• Experience working with EDR, SIEM, vulnerability management tools, and common enterprise security technologies.
• Hands-on experience securing and monitoring enterprise cloud infrastructure, with a strong focus on Azure and AWS.
• Proven track record in driving security remediations and lifecycle vulnerability management.
• Experience conducting comprehensive third-party security reviews, evaluating SOC reports, and assessing data privacy risks.
• In‑depth knowledge of cybersecurity principles, technologies, and best practices.
• Strong understanding of regulatory and compliance requirements (e.g., NIST, SOX, privacy regulations) relevant to enterprise security.
• Demonstrated ability to contribute effectively to a high‑performing cybersecurity team.
• Ability to create, modify, and maintain business and security reporting dashboards.
• Excellent interpersonal, verbal, and written communication skills, with the ability to translate technical issues into business terms.
• Experience evaluating and mitigating security risks associated with AI.
• Strong problem‑solving and critical‑thinking skills; able to exercise sound judgment without all information available.
• Collaborative, self‑directed, and able to manage multiple competing priorities in a dynamic environment.
• Curiosity about artificial intelligence and emerging technologies, with a strong desire to continuously learn and apply new tools to work more efficiently.
• Ability to travel as business needs require.

Nice To Haves

• Strong preference for industry‑recognized certifications such as CISSP, CEH, ECIH, CySA+, Security+, SecurityX, CISM, or GCIH.

Responsibilities

• Monitor networks, endpoints, and systems for security breaches using HHH’s EDR solution and SIEM to detect intrusions and anomalous behavior.
• Triage and investigate alerts, escalating and collaborating with the IT Security Lead as appropriate.
• Lead hands‑on technical response for security incidents, including containment, eradication, and recovery activities, in coordination with the IT Security Lead and MDR partner.
• Conduct or support technical and forensic investigations to determine root cause and scope of incidents.
• Document and maintain incident response procedures, playbooks, and post‑incident lessons learned.
• Continuously improve the Incident Response Plan and procedures to align with emerging threats and business needs.
• Perform network and system security assessments and audits to identify control gaps and weaknesses.
• Organize and conduct vulnerability scans and testing (in coordination with relevant teams) to identify vulnerabilities across infrastructure and applications.
• Conduct or coordinate penetration testing and simulate attacks to identify exploitable weaknesses.
• Analyze and report results of scanning and testing, including risk ratings and remediation recommendations.
• Partner with system owners to track, prioritize, and drive remediation of identified vulnerabilities within agreed SLAs.
• Support the IT Security Lead and senior security leadership in analyzing, designing, and maintaining security roadmaps and implementation plans.
• Identify, define, and document system security requirements for new and existing solutions.
• Recommend security solutions, patterns, and standards to management and project teams.
• Implement, maintain, and monitor NIST‑aligned security controls to protect infrastructure and systems.
• Create, modify, and maintain security and risk‑focused business intelligence dashboards and reports to support decision‑making.
• Implement and manage security tools (including open‑source and third‑party solutions) that assist in detection, prevention, and analysis of security threats.
• Review and help tune configurations for firewalls, data encryption, EDR, email security, and other security products to ensure alignment with standards and policies.
• Review and evaluate email and other forms of communication for potential phishing, data loss, or other security risks.
• Support and maintain security relevant hardware, software, and connectivity components within the network security framework.
• Design and plan major security‑related upgrades and changes to ensure reliability, availability, and secure operations.
• Collaborate with IT engineers, systems administrators, application, and IT Governance, Risk, and Compliance teams to design secure technical solutions and processes.
• Provide guidance to the application development team on secure coding standards and secure SDLC practices.
• Conduct or support user awareness training on information security standards, policies, and best practices.
• Share threat intelligence, incident trends, and control improvements with relevant stakeholders to increase overall security awareness.

Benefits

• Competitive 401k plan
• Generous PTO policy
• Premium medical, dental, and vision coverage
• Voluntary benefits for unexpected life events
• Student loan assistance and stipends to assist with lifelong learning