Security Engineer
Pittsburgh, PA, US
TeleTracking
At TeleTracking, we build solutions to coordinate care and improve workflows so your healthcare system can focus on the most important part - your patients.
About the Role:
The Security Engineer will be responsible for designing, implementing, and maintaining security controls and frameworks to protect the organization’s systems, applications, and data. This role will focus on integrating security best practices into business processes while ensuring compliance with regulatory and industry standards. The ideal candidate will have a strong background in security engineering with hands-on experience in Governance, Risk, and Compliance (GRC) frameworks. The Security Engineer will collaborate with key business stakeholders to identify security risks, design technical controls, and drive automation to enhance security posture and compliance initiatives.
What You’ll Do:
- Security Architecture & Engineering: Develop and implement security controls to protect cloud and on-premises environments, ensuring alignment with security best practices and compliance frameworks.
- Risk Assessment: Identify, assess, and prioritize security risks that could impact the organization’s infrastructure, applications, and compliance requirements.
- Compliance Management: Implement and maintain compliance programs and policies aligned with regulatory requirements, such as ISO 27001, HITRUST CSF, and other industry standards.
- Auditing & Assessment: Conduct internal and external security audits to evaluate compliance, identify security gaps, and recommend improvements.
- Security Automation: Develop and implement automated solutions for security monitoring, risk assessment, and compliance reporting.
- Incident Management: Assist in investigating security incidents, ensuring proper response and remediation while maintaining compliance with legal and regulatory requirements.
- Technology Implementation: Evaluate and deploy security tools, such as vulnerability management, SIEM, endpoint protection, and data loss prevention solutions.
- Continuous Improvement: Enhance GRC processes through automation, continuous monitoring, and the development of security metrics, dashboards, and reporting mechanisms.
- Vulnerability Management: Support the development and ongoing oversight of a vulnerability management program, ensuring timely remediation of identified security risks.
- Security Exception Management: Manage the security exception process, tracking alternative mitigating controls and ensuring risk treatment plans align with organizational policies.
- Vendor Risk Management: Maintain and improve the vendor risk management program, conduct security assessments, and enhance third-party risk assurance processes.
- Training and Awareness: Develop and deliver training programs to educate employees about compliance requirements and information security best practices.
What We Look For:
- 7+ years of experience in Information Technology, Security Engineering, Governance, Risk, and Compliance (GRC), and/or Internal Audit management.
- Experience with security and compliance automation tools (e.g., Vanta) and implementing security best practices in cloud environments (AWS preferred).
- Experience in conducting risk assessments, security compliance reviews, and audits for cloud-based (AWS, Azure) and on-premises environments.
- Experience implementing and maintaining compliance frameworks such as HITRUST CSF and ISO 27001.
- Experience working in SaaS environments, particularly in regulated industries such as healthcare.
Skills:
- Strong knowledge of security frameworks, risk management, and security technologies (e.g., SIEM, vulnerability management, data loss prevention, and endpoint protection).
- Skilled at applying a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
- In-depth knowledge of security framework controls as they apply to public cloud (AWS preferred), hybrid, self-hosted, and SaaS environments.
- Understanding of security vulnerabilities, threats, and risk mitigation strategies.
- Ability to translate security and compliance requirements into technical requirements.
- Excellent problem-solving, analytical, and decision-making skills.
- Strong written and verbal communication skills with the ability to present security and GRC concepts to both technical and non-technical stakeholders.
Education:
- Bachelor’s degree in a technical discipline related to Information Technology.
- Professional certifications such as CGRC, CISSP, CISA, CRISC, or similar are highly desirable.
Benefits:
- Medical/dental/vision plans 100% paid for employees and family members without coverage, which start from day one!
- Life and AD&D
- Flexible Spending Accounts: Medical, Dependent Care, and Transportation
- 401(k) Retirement Savings
- Tuition Reimbursement
- Military Paid Leave (up to 6 months of base salary while on military leave)
- Paid Time Off / 9 Holidays
- Paid parental leave
Disclaimer:
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position.
TeleTracking is an Equal Opportunity/Affirmative Action employer. TeleTracking recruits qualified applicants without regard to race, color, religion, gender, age, ethnic or national origin, veteran status, physical or mental disability, genetic information, sexual orientation or preference, gender identity, marital status, or citizenship status.
Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.