IS Security Engineer

 

GENERAL PURPOSE:

To serve as a Cybersecurity subject matter expert for Pinnacol Assurance. Ensure the secure operation of the company’s computer systems, servers, and network connections.

ESSENTIAL DUTIES / RESPONSIBILITIES:

• Work as a team to implement security frameworks (NIST, CIS, NYDFS, PCI-DSS) to establish a robust, layered defense-in-depth cybersecurity posture.
• Manage and continuously improve vulnerability assessment and remediation systems. This includes identifying, assessing, prioritizing, and remediating vulnerabilities across all systems and applications.

• Secure cloud environments by configuring cloud security controls, managing cloud resources, and utilizing security tools to mitigate vulnerabilities.

• Respond to and resolve cybersecurity incidents and breaches, including proactively identifying and investigating potential security events, effectively tracking and analyzing security incidents, implementing countermeasures, and coordinating response activities with internal and external teams while communicating clearly with technical and non-technical audiences.
• Develop, implement, and manage Data Loss Prevention (DLP) policies and rules across various platforms (e.g., SASE, cloud storage, and email). Investigate data exposure incidents and implement measures to restrict access to sensitive information. Investigate data exposure incidents and restrict access to sensitive information.
• Implement and manage logging systems, utilizing log aggregation systems for security event monitoring, log analysis, and incident investigations to detect anomalous or suspect activities and potential breaches.
• Implement systems and policies that limit access and protect data according to the principle of least privilege. Utilize authentication and authorization technologies, including SSO and federated identity, to ensure streamlined user provisioning and de-provisioning.
• Proactively maintain and administer critical systems and infrastructure components, including operating system and application patching, performance monitoring, troubleshooting, and vendor coordination. Maintain comprehensive system documentation.
• Manage Secure Access Service Edge (SASE) solutions, including configuration and management of cloud security policies, DLP rules, and access controls. Implement zero-trust principles and leverage Cloud Access Security Broker (CASB) functionality.
• Develop scripting (Python/Shell) for automating tasks, integrating with security tools, and developing custom solutions.

MINIMUM QUALIFICATIONS:

• A bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field is preferred. Equivalent work experience in a related field will be considered instead of a degree. Continuous learning and professional development are encouraged and supported.
• Seven years of combined experience in IT, with at least two years focused specifically on cybersecurity and five years in system administration, network engineering, or software development.
• One or more of the following certifications is preferred:

• • Certified Information Systems Security Professional (CISSP)
  • SANS/GIAC certifications (e.g., GSEC, GCIA, GCIH)
  • Certified Information Security Manager (CISM)

INTERPERSONAL SKILLS:

• Collaboration and Teamwork: Effectively collaborate with teams across departments to implement security controls.
• Communication: Convey technical information to both technical and non-technical audiences. Explain security risks to stakeholders, provide clear documentation, and justify security recommendations.
• Problem-Solving and Decision-Making: Identify the root causes of complex security challenges. Evaluate options and make sound decisions, particularly in time-sensitive situations like security incidents.
• Adaptability and Continuous Learning: Stay current with the evolving cybersecurity landscape. Adapt to new threats, technologies, and regulations.
• Teamwork: Work effectively in a group. Contribute to the team's success by communicating well, collaborating, and being accountable.

COMPETENCIES: 

• Initiative - Dealing with situations and issues proactively and persistently, seizing opportunities that arise
• Legislation, policies, procedures, and standards - Understanding and using relevant legislation, policies, procedures, and/or standards in performing one's work.
• Leading and managing change - Supporting, implementing, and initiating change while helping others deal with the transition.
• Interactive communication  - Listening to others and communicating articulately, fostering open communication.
• Technical proficiency in security and infrastructure (Functional Expertise) - Demonstrating fluency and mastery of critical business unit/discipline-related functions, systems, and knowledge necessary to navigate, manage, and resolve complex and nuanced challenges and circumstances.

WORK ENVIRONMENT / PHYSICAL ACTIVITIES:

Regular attendance is required. Extensive telephone and computer work in an office environment. May rack servers, run network cables, climb ladders, and crawl under desks. May lift to 50 pounds. Will participate in 24/7 on-call rotation.

Gainsharing: This role is eligible to participate in our quarterly incentive program, a tool to reward employees quarterly if they meet or exceed the plan targets. The plan is based on team performance to support corporate strategies.

Insurance Benefits: Full-time and part-time employees scheduled to work at least 30 hours per week can enroll in Pinnacol's health programs, such as medical, dental, vision, life insurance, etc.  

Retirement Benefits: As an employee of Pinnacol Assurance, you are automatically enrolled in the PERA Defined Benefit Plan and have the opportunity for additional financial security by enrolling in optional PERAPlus 401(k) and 457 plans.

Salary Range $131,700.00-  $142,400.00

DISCLAIMER:

This description is not an exhaustive list of all duties, responsibilities, or qualifications associated with this job.

Salary Range$131,700—$142,400 USD