Security Engineer

Description

Why you’ll want to work at nimble! 

This is a great opportunity to join a well-established and market-leading brand serving a high-growth end market while gaining valuable experience and visibility to Executive leadership. As an organization, we are in considerable growth mode through acquisition and with a laser focus on positive culture building.   

The Information Security Engineer is responsible for safeguarding the organization's systems and data assets. This critical role focuses on preventing and mitigating unauthorized access, modification, or destruction of sensitive information. The Engineer actively participates in the development and implementation of robust IT security policies and standards. Through close collaboration with end-users across various departments, this position ensures the alignment of security measures with individual business needs while maintaining strict adherence to company-wide security policies and procedures. 

The Information Security Engineer reports directly to the Director of Information Security and maintains an indirect reporting line to the Chief Information Technology Officer.

Threat Detection & Response: 

• Monitor the organization's servers and networks for security breaches using tools such as  Windows Defender, Windows Purview, Crowdstrike, Rapid7
• Investigate and respond to security incidents promptly.
• Utilize Windows Defender, Rapid7 and Wiz for vulnerability scanning and threat intelligence gathering.
• Implement and enforce security policies through Intune.

Security Architecture & Engineering: 

• Design, implement, and maintain security controls, including firewalls, intrusion detection/prevention systems (IDPS), and data encryption.
• Conduct security assessments and penetration testing.
• Develop and maintain security standards and best practices.

Endpoint Security Management: 

• Manage endpoint security solutions, including Windows Defender and Crowdstrike

Vulnerability Management: 

• Identify, assess, and prioritize vulnerabilities using Windows Defender, Wiz and Rapid7.
• Develop and implement remediation plans.

Compliance & Reporting: 

• Prepare reports that document security metrics, attempted attacks, and security breaches.
• Ensure compliance with relevant security standards and regulations.

Security Awareness & Training: 

• Educate and train employees on IT security best practices and awareness.
• Collaborate with IT teams, business units, and other stakeholders to ensure effective security implementation.
• Clearly communicate security risks and recommendations to management.

Requirements

• 5+ years of experience in systems or network administration/engineering
• 1+ years of experience in information security roles
• Strong understanding of security principles and best practices (e.g., NIST)
• Proficient with Windows Server administration and management
• Proficient with network protocols and topologies
• Experience with security information and event management (SIEM) systems
• Experience with scripting languages (e.g., Python, PowerShell)
• Strong analytical and problem-solving skills
• Excellent written and verbal communication skills
• Ability to work independently and as part of a team
• Experience with cloud security (e.g. Azure, Defender)
• Experience with security orchestration and automation platforms (SOAR).
• Experience with container security and microservices.

This job description is intended to provide a general overview of the position.

Responsibilities and qualifications may vary depending on the specific needs of the organization.

This revised job description incorporates the specified security software suites and provides a more comprehensive overview of the role.