IT Associates is seeking an Information Security Engineer to ensure the confidentiality, integrity, and availability of all IT assets within the Firm. This role involves strategic oversight and hands-on security operations, including managing vulnerabilities, security governance, and continuous improvement initiatives.
Responsibilities:
- Participate in the Vulnerability Management Program, including asset scans, documentation, and reporting
- Research, prioritize, and remediate vulnerabilities in coordination with IT teams
- Manage the relationship with the Managed Threat Detection & Response vendor to ensure quality service
- Optimize SIEM (Security Information and Event Management) alerting to reduce false positives, ensure comprehensive log ingestion, and strengthen detection capabilities
- Monitor and respond to SIEM alerts, ensuring appropriate verbosity
- Conduct incident response and recovery exercises to enhance the Firm’s security posture
- Develop and validate controls, safeguards, and standards for the information security program
- Implement and document Firm security practices in alignment with policies and industry standards
- Monitor, track, and report key performance indicators (KPIs) for security program effectiveness
- Assess security program effectiveness, identify gaps, and recommend improvements
- Conduct security evaluations for third-party vendors and facilitate access reviews
- Respond to due diligence questionnaires related to information security
- Deploy, manage, and maintain security tools, ensuring alignment with security objectives
- Evaluate and recommend security solutions and vendors
- Assist with IT asset inventory control in coordination with other IT teams
- Stay current with emerging security threats, tools, and best practices
- Work cross-functionally to embed security into Firm processes and technology
- Educate employees on security best practices to enhance awareness and reduce risks
- Participate in Information Security and Governance projects, security initiatives, and third-party penetration testing
Requirements:
- Bachelor's degree in a technical, scientific, or quantitative field OR equivalent work experience in IT/security
- 4+ years of experience in Information Security or IT security operations
- Familiarity with security frameworks (e.g., NIST, ISO 27001, CIS), governance controls, MITRE ATT&CK
- Hands-on experience with security tools such as SIEM, SOAR, EDR/AV, NAC, DLP, application control, email security, and vulnerability scanners
- Strong analytical, problem-solving, and communication skills
- Ability to work in a fast-paced environment while managing multiple priorities
- Industry certifications (e.g., CySA+, CEH, CISSP) are a plus