Incident Response Engineer

Summary

Staff Security Engineer

Information security engineering roles focus on the application of engineering principles to the design, implementation, and maintenance of security measures to protect an organization's information systems and data. These roles involve assessing vulnerabilities, developing security protocols, security monitoring and incident response, security development lifecycle activities, enterprise identity governance and administration, platform deployment and management, and deploying technologies to safeguard against cyber threats, ensuring the integrity, confidentiality, and availability of information assets.

The Staff Security Engineer plays a critical role in designing and implementing security solutions across the enterprise. This position is a senior-level role requiring an advanced understanding of security engineering and software development practices to lead security initiatives, ensuring secure architecture for workloads, and implementing industry best practices. The Staff Security Engineer will collaborate with internal teams to protect the organization’s technology environments and respond to emerging threats, vulnerabilities, and compliance requirements. This role is highly collaborative and may include leading teams or mentoring more junior security engineers or external teams in key security concepts.

Job Will Remain Open Until Filled

Responsibilities

The Company is one of North America’s leading sales and marketing agencies specializing in outsourced sales, merchandising, category management, and marketing services to manufacturers, suppliers, and producers of food products and consumer packaged goods. The Company services a variety of trade channels including grocery, mass merchandise, specialty, convenience, drug, dollar, club, hardware, consumer electronics, and home centers. We bridge the gap between manufacturers and retailers, providing consumers access to the best products available in the marketplace today.

Responsibilities

• Leads security design and oversight for medium- to large-scale projects that potentially have an exceptional impact on the long-term growth of the company; throughout the entire lifecycle: engineering design, development, testing, production, and subsequent fixes and improvements.
• Provides technical security guidance to IT leadership and makes wide-scale architectural and design decisions to ensure compliance with security policies, guidelines, standards, controls, and governance. Estimates, assesses, and manages project timelines, security risks, and supports escalated on-call requests. Represents security as an SME to advise teams on recommended best security practices and help identify security gaps.
• Reviews and designs mission-critical security platforms to ensure code and requirements are clear, concise, tested, and easily understood by others as well as meet security standards.
• Responds to security incidents, performing in-depth investigations and forensic analysis.
• Develops a mastered understanding of all components of key features and architecture for multiple products in the cybersecurity portfolio.
• Conducts continuous improvement and training, including technical research to contribute to setting security direction and strategy. Supports internal cybersecurity training initiatives for staff across the organization.

Supervisory Responsibilities

Direct Reports: This position does not have supervisory responsibilities for direct reports

Indirect Reports: Does not have direct reports, but may delegate work of others and provide guidance, direction and mentoring to indirect reports

Minimum Qualifications

Education Level:

• Required: Bachelor's degree

Experience Requirements:

• 6-8 years of experience in cybersecurity or computer science
• Certified or able to obtain an advanced industry certification within 12-months of hire. Certifications such as CISSP, CISA, CISM, CRISC.

Environmental & Physical Requirements

Office / Sedentary Requirements: Incumbent must be able to perform the essential functions of the job. Work is performed primarily in an office environment. Typically, requires the ability to sit for extended periods of time (66%+ each day), ability to hear telephone, ability to enter data on a computer and may require the ability to lift up to 10lbs.

Knowledge, Skills, and Abilities

• Advanced knowledge of securing cloud platforms such as AWS, Microsoft Azure, or Google Cloud Platform (GCP).
• Proficient in cloud-native security services (e.g., AWS Shield, Azure Security Center, GCP Security Command Center).
• Strong expertise in compliance standards such as ISO 27001, NIST, CIS, GDPR, and SOC2, including governance policy implementation.
• Experience with scripting/programming languages (e.g., PowerShell, Python).
• Advanced understanding of network protocols (e.g., TCP/IP, DNS, HTTP/HTTPS).
• Excellent leadership, collaboration, and communication skills, including the ability to articulate complex cybersecurity issues to non-technical stakeholders.

Additional Information Regarding Job Duties and Job Descriptions

Job duties include additional responsibilities as assigned by one’s supervisor or other manager related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job positions, or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

Important Information

The above statements are intended to describe the general nature and level of work being performed by people assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of associates so classified.

The Company is committed to providing equal opportunity in all employment practices without regard to age, race, color, national origin, sex, sexual orientation, religion, physical or mental disability, or any other category protected by law. As part of this commitment, the Company shall provide reasonable accommodations of known disabilities to enable an applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by law.