Information Security Engineer

Remote | Full Time

The Information Security Engineer is responsible for developing processes and technologies for establishing and executing controls, security monitoring capability management, and response. This includes assisting with the development of programs for enterprise logging, end-user behavior analytics, and security metrics and reporting.

The Information Security Engineer provides controls and security subject matter leadership into the design & delivery of controls and security architectures and development of standards and reference architectures. This includes the creation, support, and facilitation of governing principles that guide controls and security architecture decision-making. The Information Security Engineer will participate in the development of controls and security best practices to achieve the goals of the enterprise controls and security architecture, as well as act as a liaison to other teams.

Primary Responsibilities

  • Strong track record of implementing controls and security architecture for complex solutions and the ability to deliver results through partnering with stakeholders in IT and the business
  • Perform risk assessments to determine if new projects and deployments are aligned with regulatory requirements, industry standards, and best practices and comply with corporate information security and privacy policies
  • On-going project/program management and prioritization of information security risk management activities (including risk treatment plans and external audit/certification initiatives such as SOC 2 Type 2)
  • Plan and perform internal controls, security, and privacy audits to assess control design and effectiveness
  • Report on the status of compliance activities and develop metrics around the risk remediation program
  • Manage incoming and outgoing customer controls, security, and privacy information requests, and questionnaires
  • Communicate with company workers on security awareness topics
  • Support, exhibit, and grow a corporate culture that is committed to information controls and security best practices
  • Working knowledge of IT processes (i.e., ITIL), including program change control management covering, but not limited to, new code introduction and operating applications
  • Experience with secure architecture principles, security system integration, configuration, and troubleshooting

Education & Experience

  • Bachelor’s degree in Computer Science, Computer Information Systems or equivalent experience
  • 5+ years of cloud security and controls audit and/or implementation within AWS
  • 4+ years of experience with information security, control standards, compliance audits, and frameworks such as SOC 2 and/or ISO 27001
  • Understanding of cloud application and security concepts, especially with AWS Microservices including but not limited to AWS Identity and Access Management (IAM), AWS Security Hub, Amazon CloudWatch, Amazon Detective, and/or AWS GuardDuty
  • Experience with AWS security monitoring and reporting tools in building metrics to capture compliance status
  • Ability to clearly communicate controls and security compliance requirements to internal teams and associated implementation to external customers
  • Understanding of SDLC, CI/CD, and API driven workflows
  • CISM, CISA, and similar certifications are preferred. CCSP certification is a plus
  • AWS Certified-Specialty certification is also strongly preferred
  • Strong attention to detail and written communication skills
