IT Security Engineer II

About NMG: Nationwide Marketing Group works on behalf of thousands of independent appliance, furniture, bedding, electronics, specialty electronics, custom installation, and rent-to-own dealers, helping them grow their businesses and thrive on their own terms. With more than 5,000 members operating some 14,000 storefronts, Nationwide Marketing Group is the largest buying, marketing, and business support organization of its kind, representing billions in combined annual sales across the membership. For more than 50 years, we have remained committed to the independent channel, empowering members with the scale, sophistication, and efficiencies they need to compete while delivering the business intelligence, tools, and resources required to win in a changing marketplace. To learn more, visit nationwidegroup.org or our Nationwide Marketing Group LinkedIn page. Why You Want to Work Here: At Nationwide Marketing Group, we believe our strength comes from the diversity of our people and the communities we serve. We’re committed to building teams where every individual feels valued, included, and supported to do their best work. Different voices and perspectives do more than broaden our thinking. They help us serve our members better.But culture at NMG goes beyond our commitment to diversity and inclusion. We’re a community built on collaboration, respect, and a shared drive to help independent businesses thrive. You’ll join a team that celebrates wins together, tackles challenges head-on, and invests in both professional and personal growth.NMG is proud to be an equal opportunity employer. We do not discriminate based on race, color, sex, age, national origin, religion, sexual orientation, gender identity or expression, veteran status, disability, or any other protected characteristic. If you need reasonable accommodations during the hiring process, let us know and we’ll make sure you have the support you need. What We’ll Do For You: Competitive base pay and performance bonus, dependent on roleMedical, dental, and vision benefits with low-cost coverage optionsEmployer paid basic life and AD&DEmployer paid short-term and long-term disabilityMetLife supplemental insurance optionsMatching 401(k) with 100 percent vestingOpen PTO policy, paid holidays, and ten weeks of paid parental leaveBusiness casual work environmentRewards and recognition platform where you can earn points and redeem for merchandiseDiscounts on electronics, cell phones, travel, wellness, health and auto, pet insurance, and moreJob Location: Remote; Open to U.S. CandidatesJob Summary:The IT Security Engineer is responsible for designing, implementing, and maintaining security controls that protect the organization’s networks, systems, applications, and data. This role actively monitors for threats, responds to security incidents, supports compliance with security frameworks and regulations, and helps strengthen the organization’s overall security posture through continuous monitoring, auditing, and user education.Job Responsibilities:Designs, implements, and maintains security solutions across networks, systems, applications, endpoints, email, and identity platformsContinuously monitors security alerts, logs, and protection systems to identify, investigate, and remediate potential threats and vulnerabilitiesResponds to security incidents, including containment, remediation, root cause analysis, and documentationConducts vulnerability assessments and risk analyses; remediates findings identified through third-party tools and services (e.g., SentinelOne, penetration testing, vulnerability scans)Supports identity and access management (IAM) practices, including user access reviews, least-privilege controls, and role-based accessAssists in the development, implementation, and maintenance of security policies, standards, and proceduresEnsures systems and processes comply with applicable security frameworks and regulatory requirements (e.g., PCI, Zero Trust)Performs regular security audits and monitors adherence to established security policies and proceduresEnsures physical IT security controls are followed by internal staff and external vendorsPrepares, documents, tests, and maintains disaster recovery and incident response proceduresProvides on-call and after-hours support as part of a 24/7 IT security coverage modelLeads and supports end-user security awareness training and best practice adoptionCollaborates with internal teams to continuously improve security controls while maintaining a strong focus on customer serviceCommunicates security risks, incidents, and recommendations clearly through strong written and verbal communicationJob Competencies:Security Architecture & Engineering: Ability to design, evaluate, and evolve security architectures across cloud and on-prem environments, balancing risk, usability, and business needsThreat Detection & Incident Leadership: Proactively identifies threats, leads incident response efforts, and drives remediation through root cause analysis and continuous improvementRisk Management & Compliance: Applies risk-based decision-making to ensure alignment with security frameworks, regulatory requirements, and organizational risk toleranceAutomation & Optimization: Leverages scripting, automation, and tooling to improve security operations, scalability, and efficiencyCross-Functional Collaboration: Partners effectively with IT, Engineering, Product, and Business teams to embed security into systems, processes, and workflowsCommunication & Influence: Clearly communicates security risks, trade-offs, and recommendations to both technical and non-technical stakeholdersOperational Excellence: Demonstrates accountability for reliability, documentation, audits, and operational readiness, including disaster recovery and on-call responsibilitiesContinuous Improvement & Learning: Stays current with evolving threats, technologies, and best practices, and applies new knowledge to strengthen the organization’s security postureBasic Qualifications:Minimum of 4 years of professional experience in IT security, cybersecurity, or related roles. Knowledge of cybersecurity principles, threats, and defensive practicesUnderstanding of security controls, monitoring, and remediation techniquesEffective written and verbal communication skills, including documentation and incident reportingWorking knowledge of networking concepts, including TCP/IP, DNS, VPNs, and firewall technologiesExperience supporting and troubleshooting operating systems such as Windows, Linux, and macOSUnderstanding of security principles including threat modeling, risk assessment, and risk managementPreferred Qualifications:Industry-recognized security certifications such as Security+, CISSP, SSCP, CEH, CCSP, or equivalentUnderstanding of cybersecurity principles with hands-on experience enhancing security functions, controls, and featuresExperience working with industry security frameworks, compliance standards, and audit processes (e.g., PCI DSS, Zero Trust, SOC 2)Hands-on experience designing, implementing, and maintaining security systems across both cloud and on-premises environmentsPractical experience with cloud security platforms and controls in AWS, Azure, and/or GCPExperience with IT Service Management (ITSM) and asset management toolsScripting or automation experience (e.g., PowerShell, Python) to improve detection, response, and operational efficiencyUnderstanding of CI/CD pipelines and secure software development lifecycle (SDLC) practicesExperience supporting enterprise security operations, including networking, identity and access management, vulnerability management, and incident responseWork Environment:Must be able to read, write, and communicate both verbally and in written form to express and exchange ideas. While performing the responsibilities of this job, the employee must be able to access all components of the workstation and other office equipment. Frequent typing, writing, bending, and twisting. Must be able to lift up to 10 pounds.General office environment with moderate noise. This position is mostly sedentary, involves sitting most of the time, but may involve walking or standing for brief periods of time. A busy environment with many unscheduled interruptions. Frequent computer use at workstation for extended periods of time. Public contact position requiring appropriate business apparel.**Applications will be reviewed until the position is filled**