Akumin is a company focused on securing its IT infrastructure, networks, and systems. The Security Engineer I plays a vital role in ensuring the organization’s security posture aligns with best practices and regulatory requirements, leading security operations including incident response and vulnerability management.
Responsibilities:
- Establish monitoring and detection mechanisms to identify potential threats, and lead or assist in responding to incidents
- Conduct vulnerability assessments, penetration testing, and remediation of security weaknesses
- Automate tasks where possible, using scripting and configuration management tools
- Architect and implement security controls, including firewalls, intrusion detection systems, and encryption technologies
- Review applications and systems to ensure industry best practices and security hardening are applied
Requirements:
- Bachelor's Degree or equivalent experience in IT Security, Computer Science
- A valid and active certification in Information Security or Cybersecurity
- 5+ years of hands-on experience in cybersecurity or a related field, including areas like network security, cloud security, and threat intelligence
- Innovative Mindset: Always looking for new tools, techniques, and strategies to improve the organization's security posture
- Communication: Strong ability to convey technical security issues to non-technical audiences, including management and other stakeholders
- Problem-Solving: Excellent troubleshooting skills with a proactive approach to solving complex security challenges
- Collaboration: Ability to work well with cross-functional teams, including DevOps, IT, and development teams, to integrate security into all layers of the organization's infrastructure
- Security Tools and Technologies: Proficiency with firewalls, IDS/IPS, endpoint protection, SIEM, encryption, VPNs, and multi-factor authentication (MFA)
- Penetration Testing and Vulnerability Management: Strong knowledge of vulnerability scanning tools and penetration testing techniques, with the ability to find and exploit weaknesses in an organization's security infrastructure
- Network Security: In-depth understanding of networking protocols (TCP/IP, DNS, HTTP, SSL/TLS) and how to secure them
- Cloud Security: Expertise in securing cloud infrastructures, particularly AWS, Azure, or Google Cloud, including IAM, encryption, and security monitoring tools
- SIEM and Logging: Experience with configuring and maintaining SIEM platforms and analyzing logs for unusual activities
- 20% travel may be required
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- GIAC Security Essentials (GSEC)
- Certified Cloud Security Professional (CCSP)
- AWS, GCP, or Azure Cloud Security Engineer Certification
- Or other relevant cybersecurity certifications
- DevSecOps: Experience integrating security into CI/CD pipelines and automating security controls in software development
- Zero Trust Architecture: Understanding of Zero Trust security models and their application in modern IT environments
- Identity and Access Management (IAM): Expertise in managing user identities and permissions, especially in cloud or hybrid environments
- Threat Intelligence: Ability to analyze and apply threat intelligence to enhance the organization's defense mechanisms