Information Security Associate Engineer

Summary

The Information Security Associate Engineer is responsible for the design and execution of strategies and technologies aimed at safeguarding the confidentiality, availability, and integrity of CommunityAmerica's information assets. In this capacity, the role involves maintaining security standards and best practices and recommending improvements to existing and new security solutions.

The Information Security Associate Engineer is pivotal in helping drive organizational change to enhance the organization's security posture and mitigate risks. Responsibilities extend to formulating and maintaining strategies for security breach response and recovery and staying abreast of emerging threats and prevailing trends in information security.

To excel in this role, a deep understanding of securing physical and cloud-based environments and computing resources within these environments is required. This includes familiarity with the system development life cycle (SDLC) and knowledge of infrastructure as code.

Duties & Responsibilities

• Conduct security assessments, vulnerability assessments, and penetration tests on systems and applications to identify weaknesses and recommend remediation actions.
• Monitor and analyze security alerts, events, and incidents to promptly detect and respond to threats.
• Manage and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems.
• Lead security awareness and training programs for employees and contractors to promote a culture of security awareness.
• Participate in incident response activities, including containment, investigation, and recovery, in the event of a security incident.
• Stay updated with cybersecurity threats, vulnerabilities, and industry best practices to ensure the organization remains secure.
• Ability to provide security guidance for physical, virtual, and code infrastructure.
• Provide vendor due diligence reviews, including SOC2 and vendor risk assessments.
• Drive change to improve the overall security posture.
• Establish solid relationships with other teams and provide advisement as needed.
• Implementation and improvements of a vulnerability and patch management program.
• Ensure the protection of CACU information assets through the technical enforcement of organizational security standards and policies.
• Design and maintain automated workflows to streamline security operations.
• Researches, analyzes, and formulates recommendations regarding technologies, products, and solutions to fulfill requirements within CACU.
• Provide evidence and meet with internal and external audit and compliance teams.
• Perform other miscellaneous duties as assigned.

Requirements

Education and Experience Requirements:

• Bachelor’s degree preferably in information security, computer science or other related field, or equivalent combination of education and/or experience from which comparable knowledge, skills and abilities have been achieved.
• 2 years’ experience in information technologies, or combined experience in security and IT technical work experience. Degrees or certifications may be considered in lieu of experience.

Required Knowledge, Skills and Abilities:

An individual must be able to perform each essential job duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required:

• Understanding of common information security standards and best practices.
• Experience implementing and managing these standard security technologies: centralized log management, vulnerability scanning, intrusion detection\prevention, anti-malware, behavioral analysis, encryption, and authentication and access controls.
• Excellent problem-solving and analytical skills with the ability to quickly isolate problems, collect data, establish facts, and draw valid conclusions.
• Expertise with cybersecurity frameworks and standards (NIST, ISO, CIS… etc.) is a plus.
• Knowledge of enterprise risk assessment methodologies.
• Strong problem-solving skills, including developing innovative risk mitigation solutions that address core issues.
• Strong understanding of user account management best practices.
• Working knowledge of log, network, and system forensic investigation techniques.
• Knowledge of security vendors and security product capabilities.

Preferred Knowledge, Skills and Abilities:

• Certification in CISSP, SANS, or other relevant certification.