Information Security Engineer - Contract to Perm

This position will advance and support Information Security best practices; driving the design, implementation, maintenance, and culture of security and technology functions for the organizations internal technology, as well as customer products and services.

Responsibilities

Integrate with internal engineering & information technology teams providing frameworks to build, design, and implement products across the organization securely.

Review new and existing products and services for vulnerabilities.

Assess the health and security of current internal network and software architectures.

Analyze and prioritize reports from external researchers; facilitate confirmed issues to resolution with appropriate teams.

Lead the prompt investigation of security incidents and be prepared to isolate and remediate incidents pursuant to established procedures.

Assist in the design and delivery of disaster recovery plans that meet compliance related recovery objectives.

Provide training to the organization’s community, fostering a security best practice culture

Support and assist in developing ongoing roadmap for security related projects.

Remote work is available

25% travel

If you are a resident of Colorado or New York: Please contact us or email us at [email protected] to receive compensation and benefits information for this role. Please include the position title in the subject line of the email.

Requirements

Desired Skills and Experience

• 3+ years of combined experience in information security, technology, and risk management with at least 1 year experience focusing on information security.
• Extensive knowledge of current and emerging IT security technologies and techniques covering all levels of cloud and local IT architecture.
• Understanding of application security concepts (such as the OWASP top 10) with the ability to articulate concepts to technical and non-technical staff.
• Vulnerability management experience across multiple operating systems, databases, and applications, remediating issues with technical staff.
• Knowledge of disaster recovery and business continuity principles and practices.
• Experience in TCP/IP networking, firewalls and virtual private networks (VPN).
• Understanding of current encryption standards and implementation procedures.
• Ability to work with engineering teams to weigh business risks and enforce appropriate security measures in support of a Continuous Integration / Continuous Deployment environment.
• Experience with incident management and threat remediation including threat analysis, isolation, identification, and eradication.
• Ability to handle multiple complex, long term projects simultaneously,
• Knowledge and experience with control frameworks such as NIST, CIS, etc.
• Passion for technology and information security.

Education/Certifications Preferred

• B.A. or B.S. in Computer Science, Information Management, or relevant field.
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)