Information Security Engineer

The Information Security Engineer is a hands-on generalist role within the IT Services Delivery Team, responsible for both security engineering operations and governance, risk, and compliance (GRC) activities across Enercon Technologies’ production platforms; both in proactively hardening and securing the environment and responding to security events and compliance requirements.This position is responsible for the effective implementation, operation, and maintenance of information security controls, tools, and infrastructure. Directly performs security hardening, patch deployment, vulnerability remediation, and security configuration management across the production environment. Leads effort for security operations and either partners with or escalates security issues to external contractors based on an escalation and support framework.Supports and applies security frameworks such as the NIST Cybersecurity Framework, CIS Critical Security Controls, and ISO/IEC 27001 in the management of security operations, risk assessments, and compliance activities. Where such resolution is beyond the capabilities of this team, provides well documented escalation requests to external contractors for ultimate disposition and once resolved updates knowledge bases sufficient to reduce repetitive security incidents in the future.Manages and directs the design, implementation, and maintenance of Enercon’s information security infrastructure and controls.In the role of Information Security Engineer:Directly performs hands-on security operations, including system hardening, patch deployment, security-driven upgrades, and implementing security configurations across servers, endpoints, and infrastructureDefines and implements security configurations, access controls, and secure system builds, and provides guidance to IT teams on secure implementation practicesReviews vulnerability scan results, prioritizes findings, and directly remediates or coordinates remediation of identified vulnerabilities across systems and infrastructureAdministers and maintains security tools and platforms used for monitoring, detection, and response across the environmentMonitors security alerts, logs, and reports to identify potential security events and trendsEvaluates system and application changes for security impact and compliance with security standardsParticipates in incident response activities, including investigation, documentation, coordination, and post-incident analysisDevelops, maintains, and enforces information security policies, standards, procedures, and guidelinesImplements and operates the organization’s information security program in alignment with frameworks such as the NIST Cybersecurity Framework (CSF), CIS Critical Security Controls, ISO/IEC 27001, and SOC 2 Trust Services CriteriaPerforms security risk assessments, documents risk findings, and defines remediation and risk treatment plansMonitors and evaluates the effectiveness of administrative, technical, and operational security controlsTracks security risks, remediation activities, and corrective action plans to completionExecutes vendor and third-party risk management activities, including security assessments, documentation review, and risk classificationSupports compliance initiatives related to customer, contractual, and regulatory security requirementsCoordinates and participates in internal and external audits, security assessments, and customer security reviewsMaintains security documentation including policies, standards, procedures, risk registers, system security documentation, and security plansDevelops and maintains security metrics, dashboards, and reporting for management reviewContributes to security awareness initiatives and promotes secure practices across the organizationStays current on emerging threats, vulnerabilities, and industry best practices and incorporates improvements into the security programPerforms other Information Systems and security-related duties as requiredThe skills you need to succeed: Strong understanding of information security principles, risk management, and governanceExperience implementing and operating security controls in an enterprise environmentKnowledge of common technical security controls, including access management, logging, vulnerability management, and incident responseHands-on experience with security operations tasks such as system hardening, patch deployment, or security configuration managementExperience developing and maintaining security documentation and evidenceStrong analytical, organizational, and documentation skillsAbility to communicate security risks and requirements to technical and non-technical stakeholdersAbility to prioritize work, manage multiple initiatives, and drive remediation activities to completionCollaborate with external contractors on security projects, assessments, and implementations when neededMaintain personal adherence to professional and confidentiality standards established within the department and in accordance with legal, ethical and internal policiesAttend meetings as assigned and participate in educational activities to keep security skills current to environmentDisplays cooperative behavior and interacts positively and effectively with others to promote a team environmentIs proactive in identifying, reporting and participating in the resolution of any potential security or safety issuesPerforms other duties necessary to maintain the overall efficiency and continuity of the departmentDemonstrates professionalism at all timesTakes responsibility for delivering superior value and client serviceApproaches opportunities and issues with an optimistic, action-oriented, and solution-based approachEducation & Experience Required:Bachelor’s degree in information security, information technology, computer science, or equivalent in demonstrable previous experience5–8 years of experience in information security, security engineering, IT risk management, GRC, or a related technical role with hands-on systems administration experienceWorking knowledge of security frameworks such as NIST CSF, CIS Controls, ISO/IEC 27001, or SOC 2Experience with security tooling such as SIEM platforms, endpoint protection, vulnerability scanners, or IDS/IPS systemsExperience securing Windows and/or Linux server environmentsFamiliarity with patch management processes and tools in an enterprise environmentExperience in a collaborative, small-team IT environment where broad responsibilities are the normStrong analytical and decision-making abilitiesSelf-directed, autonomous and results oriented individual dedicated to improving the security posture of the organizationAbility to build strong partnerships with business partners, contractors and project teamsAbility to maintain confidentialitySecurity-related certifications are preferred: foundational (Security+, SSCP), technical (GSEC, Microsoft Security), or governance (ISO 27001 Foundation)Benefits:Health insurance (with low deductibles)Disability insuranceLife insuranceDental insuranceVision insurance401K retirement plan401K match (after 1 year of service)Paid time off (PTO)Tuition reimbursementFlexible medical and dependent care spending accountFitness gym on siteHealth wellness program with cash incentivesNot sure you meet every qualification? Apply anyway! We’d love to learn more about you and review your resume.