Information Security Engineer

Description

Duties and Responsibilities • Conduct security assessments, vulnerability assessments, and penetration tests on systems and applications to identify weaknesses and recommend remediation actions. • Monitor and analyze security alerts, events, and incidents to promptly detect and respond to threats. • Manage and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems. • Lead security awareness and training programs for employees and contractors to promote a culture of security awareness. • Participate in incident response activities, including containment, investigation, and recovery, in the event of a security incident. • Stay updated with cybersecurity threats, vulnerabilities, and industry best practices to ensure the organization remains secure. • Ability to provide security guidance for physical, virtual, and code infrastructure. • Provide vendor due diligence reviews, including SOC2 and vendor risk assessments. • Drive change to improve the overall security posture. • Establish solid relationships with other teams and provide advisement as needed. • Implementation and improvements of a vulnerability and patch management program. • Ensure the protection of CACU information assets through the technical enforcement of organizational security standards and policies. • Design and maintain automated workflows to streamline security operations. • Research, analyzes and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within CACU. • Provide evidence and meet with internal and external audit and compliance teams. • Prepare executive-level reports that document security issues and the extent of the risk realized by them. • Lead security issue remediation efforts across the enterprise. • Perform other miscellaneous duties as assigned.

Skills

Information security, Vulnerability management, endpoint security, endpoint protection, infrastructure as code, sdlc process, Cyber security, Security architecture, Cissp, Firewall

Top Skills Details

Information security,Vulnerability management,endpoint security,endpoint protection,infrastructure as code,sdlc process

Additional Skills & Qualifications

Job Summary The Information Security Engineer is responsible for leading the planning, design, and execution of strategies and technologies aimed at safeguarding the confidentiality, availability, and integrity of CommunityAmerica's information assets. In this capacity, the role involves developing and maintaining security standards and best practices and the recommendation, architecture, and implementation of improvements to existing and new security solutions. The Information Security Engineer is pivotal in driving organizational changes to enhance the organization's security posture and mitigate risks. Responsibilities extend to formulating and maintaining strategies for security breach response and recovery and staying abreast of emerging threats and prevailing trends in information security. To excel in this role, a deep understanding of securing physical and cloud-based environments and computing resources within these environments is required. This includes familiarity with the system development life cycle (SDLC) and expertise in infrastructure as code.

Experience Level

Intermediate Level