Information Security Engineer
The Information Security Engineer is a hands-on generalist role within the IT Services Delivery Team, responsible for both security engineering operations and governance, risk, and compliance (GRC) activities across Enercon Technologies’ production platforms. The role covers both proactively hardening and securing the environment and responding to security events and compliance requirements.
This position is responsible for the effective implementation, operation, and maintenance of information security controls, tools, and infrastructure. Directly performs security hardening, patch deployment, vulnerability remediation, and security configuration management across the production environment. Leads effort for security operations and either partners with or escalates security issues to external contractors based on an escalation and support framework.
Supports and applies security frameworks such as the NIST Cybersecurity Framework, CIS Critical Security Controls, and ISO/IEC 27001 in the management of security operations, risk assessments, and compliance activities. Where such resolution is beyond the capabilities of this team, provides well-documented escalation requests to external contractors for ultimate disposition and, once resolved, updates knowledge bases sufficiently to reduce repetitive security incidents in the future.
Manages and directs the design, implementation, and maintenance of Enercon’s information security infrastructure and controls.
In the role of Information Security Engineer:
- Directly performs hands-on security operations, including system hardening, patch deployment, security-driven upgrades, and implementing security configurations across servers, endpoints, and infrastructure
- Defines and implements security configurations, access controls, and secure system builds, and provides guidance to IT teams on secure implementation practices
- Reviews vulnerability scan results, prioritizes findings, and directly remediates or coordinates remediation of identified vulnerabilities across systems and infrastructure
- Administers and maintains security tools and platforms used for monitoring, detection, and response across the environment
- Monitors security alerts, logs, and reports to identify potential security events and trends
- Evaluates system and application changes for security impact and compliance with security standards
- Participates in incident response activities, including investigation, documentation, coordination, and post-incident analysis
- Develops, maintains, and enforces information security policies, standards, procedures, and guidelines
- Implements and operates the organization’s information security program in alignment with frameworks such as the NIST Cybersecurity Framework (CSF), CIS Critical Security Controls, ISO/IEC 27001, and SOC 2 Trust Services Criteria
- Performs security risk assessments, documents risk findings, and defines remediation and risk treatment plans
- Monitors and evaluates the effectiveness of administrative, technical, and operational security controls
- Tracks security risks, remediation activities, and corrective action plans to completion
- Executes vendor and third-party risk management activities, including security assessments, documentation review, and risk classification
- Supports compliance initiatives related to customer, contractual, and regulatory security requirements
- Coordinates and participates in internal and external audits, security assessments, and customer security reviews
- Maintains security documentation including policies, standards, procedures, risk registers, system security documentation, and security plans
- Develops and maintains security metrics, dashboards, and reporting for management review
- Contributes to security awareness initiatives and promotes secure practices across the organization
- Stays current on emerging threats, vulnerabilities, and industry best practices and incorporates improvements into the security program
- Performs other Information Systems and security-related duties as required
The skills you need to succeed:
- Strong understanding of information security principles, risk management, and governance
- Experience implementing and operating security controls in an enterprise environment
- Knowledge of common technical security controls, including access management, logging, vulnerability management, and incident response
- Hands-on experience with security operations tasks such as system hardening, patch deployment, or security configuration management
- Experience developing and maintaining security documentation and evidence
- Strong analytical, organizational, and documentation skills
- Ability to communicate security risks and requirements to technical and non-technical stakeholders
- Ability to prioritize work, manage multiple initiatives, and drive remediation activities to completion
- Collaborate with external contractors on security projects, assessments, and implementations when needed
- Maintain personal adherence to professional and confidentiality standards established within the department and in accordance with legal, ethical and internal policies
- Attend meetings as assigned and participate in educational activities to keep security skills current with the environment
- Displays cooperative behavior and interacts positively and effectively with others to promote a team environment
- Is proactive in identifying, reporting and participating in the resolution of any potential security or safety issues
- Performs other duties necessary to maintain the overall efficiency and continuity of the department
- Demonstrates professionalism at all times
- Takes responsibility for delivering superior value and client service
- Approaches opportunities and issues with an optimistic, action-oriented, and solution-based approach
Education & Experience Required:
- Bachelor’s degree in information security, information technology, computer science, or equivalent demonstrable previous experience
- 5–8 years of experience in information security, security engineering, IT risk management, GRC, or a related technical role with hands-on systems administration experience
- Working knowledge of security frameworks such as NIST CSF, CIS Controls, ISO/IEC 27001, or SOC 2
- Experience with security tooling such as SIEM platforms, endpoint protection, vulnerability scanners, or IDS/IPS systems
- Experience securing Windows and/or Linux server environments
- Familiarity with patch management processes and tools in an enterprise environment
- Experience in a collaborative, small-team IT environment where broad responsibilities are the norm
- Strong analytical and decision-making abilities
- Self-directed, autonomous, and results-oriented individual dedicated to improving the security posture of the organization
- Ability to build strong partnerships with business partners, contractors and project teams
- Ability to maintain confidentiality
- Security-related certifications are preferred: foundational (Security+, SSCP), technical (GSEC, Microsoft Security), or governance (ISO 27001 Foundation)
Benefits:
- Health insurance (with low deductibles)
- Disability insurance
- Life insurance
- Dental insurance
- Vision insurance
- 401K retirement plan
- 401K match (after 1 year of service)
- Paid time off (PTO)
- Tuition reimbursement
- Flexible medical and dependent care spending account
- Fitness gym on site
- Health wellness program with cash incentives
Not sure you meet every qualification? Apply anyway! We’d love to learn more about you and review your resume.