Senior Information Security Engineer

Utica National Insurance Group•New Hartford, NY

13d•Remote

About The Position

At Utica National Insurance Group, 1,300 employees countrywide take our corporate promise to heart every day: To make people feel secure, appreciated, and respected. Utica National Insurance Group is an "A" rated $1.7B award-winning, nationally recognized property & casualty insurance carrier. Operating along the Eastern half of the United States, based in our Home Office in Central New York, with Regional Office locations including Boston, NYC, Atlanta, Dallas, Columbus, Richmond, Chicago. Location: This is a remote position, but incumbent must live within one hours drive from either New Hartford, NY or Charlotte, NC to attend periodic office meetings and events at least once per quarter. What will you do: We’re seeking an experienced Senior Information Security Engineer to join our Cyber Security Operations team. In this role, you will design, implement, and maintain security solutions to protect enterprise environments, ensuring a layered security framework is in place. You’ll play a critical role in defending the company from cyberattacks, safeguarding sensitive data, and ensuring compliance with regulatory requirements. You will lead incident response efforts, manage vulnerability and penetration testing programs, and evaluate emerging threats to maintain a strong security posture. This is a high-impact opportunity to influence security strategy, implement cutting-edge solutions, and collaborate across IT and business teams in a dynamic environment.

Requirements

Bachelor’s degree in Computer Science, Engineering, or related field preferred.
7–10 years of hands-on experience in Cybersecurity required.
Strong knowledge of security frameworks, IT infrastructure, cloud services, and regulatory requirements.
Ability to work after hours, nights, weekends, and holidays as needed for incident response.

Nice To Haves

Industry certifications such as CEH, CISSP, CCSK, CCSP, CISM, OSCP, PenTest+ are desirable.

Responsibilities

Design, implement, configure, maintain, and support the end-to-end Security Framework including, but not limited to, IPS/IDS, endpoint protection, email and URL filtering (DMARC/DKIM/SPF), SIEM, vulnerability assessment/scanning, ATP solutions, DLP solutions, MFA and SSO solutions, cloud security, WAFs, and more.
Lead Security Operations – configure alerts to protect against cyber threats, review configurations, and tune systems as needed.
Respond to and investigate potential or actual security incidents.
Lead all phases of Incident Response (Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned).
Handle escalated security alerts and approve mitigation plans.
Research, evaluate, design, configure, and maintain security solutions.
Develop and manage the Vulnerability Management Program, review scan results, and approve mitigation plans.
Perform penetration testing and coordinate third-party testing; review results and remediation plans.
Conduct risk assessments, document threats and vulnerabilities, and develop mitigation strategies.
Evaluate current systems and recommend improvements.
Perform health checks and best practice reviews for security solutions.
Conduct threat modeling/hunting using industry frameworks.