Information Security Engineer

Description

• Respond to security incidents, performing triage, containment, documentation, and escalation in coordination with senior team members.
• Assist in conducting risk assessments, security reviews, and gap analyses for compliance with standards such as NIST, CIS, ISO 27001, HIPAA, and GDPR.
• Manage and operate enterprise security tools including Tenable, CrowdStrike, NG-SIEM, Cisco FirePower, NetSpi, CyberArk and Zscaler.
• Contribute to user awareness programs by promoting security best practices and supporting education initiatives across the organization.
• Responsible for the creation, maintenance and control of all personally identifiable information or any other information protected by Confidentiality and Privacy Standards see Mass Regulations on Personal Identity Regulations and HIPAA.
• Collaborate with IT teams to guide and influence security best practices in operations, infrastructure, and application development.
• Design, deploy, and manage security solutions in alignment with security policies and business needs.
• Work with IT and development teams to ensure security is integrated into design and implementation processes.
• Analyze security event logs and correlate data to identify threats and recommend improvements based on threat intelligence.
• Participate in after-hours on-call escalations and in Stadium event coverage rotations
• Create and maintain security dashboards and reports to communicate trends, vulnerabilities, and risk metrics to leadership.
• Assist with firewall rule reviews, applying least privilege and zero-trust principles, and managing change workflows.
• Support penetration testing efforts by collaborating with third-party testers, reviewing findings, and assisting in remediation.
• Stay informed of evolving security threats, technologies, and industry developments to improve security measures.
• Administer and enhance Privileged Access Management (PAM) solutions, including implementing Just-In-Time (JIT) access, credential rotation, session monitoring, and least-privilege controls using CyberArk or similar technologies.
• Participate in vulnerability management lifecycle—monitoring alerts, identifying risks, and implementing remediation activities.
• Assist in internal and external audit activities, including documenting controls, tracking exceptions, and managing remediation plans.

Requirements

• Ability to support cross-functional security projects and provide security guidance to IT teams.
• Strong understanding of Defense-in-Depth, Zero-Trust Security Models, and Compensating Controls.
• Experience in security design and implementation for Enterprise Platforms and Operating Systems (Windows, Unix/ Linux).
• Certified Information Systems Security Professional (CISSP) or similar certifications preferred
• Strong analytical and problem-solving skills with a focus on security risk mitigation.
• Familiarity with regulatory compliance frameworks such as CIS, CISA, NIST, ISO 27001, ISO 27002, HIPAA, GDPR.
• Strong communication and documentation skills for reporting security risks and solutions to stakeholders.
• Familiarity with network security concepts, firewalls, and enterprise security controls (Cisco iOS & NX-OS, Aruba OS, Extreme XOS).
• 4-6 years of experience in cybersecurity architecture, security engineering, or related fields, with a track record of implementing security solutions.
• Experience with Enterprise NGFW platforms (Cisco FTD) and advanced threat detection tools.
• Bachelor’s degree in Cybersecurity, Computer Science, or Information Systems preferred.

Benefits

• Fast-paced office environment.

Training + Development

Interview process

Visa Sponsorship

Security clearance