Information Security Engineer

The Information Security Engineer role will help champion the Application Security, Cloud Security and Cybersecurity programs as an SME in security controls, applying best practices to our security standards, liaison between cross-functional teams (Product, Engineering, SRE, IT), shared services, and infrastructure. The role responsibilities will consist of secure code review, security configuration and development, automation workflows, DevSecOps, vulnerability remediation, secure infrastructure design, threat analysis, and deploying secure defenses.  This position can be based out of either of Apex's Dallas or Chicago offices.

Duties/Responsibilities

• Act as a subject matter expert for security tools deployed such as but not limited to; threat detection, cloud security, application security, IAM, source code, and security logging technologies. 

• Monitor cloud and data center infrastructure and proactively mitigate potential incidents and vulnerabilities. 

• Investigate security events, alerts and incidents and participate in incident response workflows and processes. 

• Provide guidance to our engineering and development teams on security standards and secure best practices. 

• Conduct assessments of security controls and penetration tests for new and existing systems. 

• Create and maintain documentation and architecture diagrams. 

• Determine new or revised security measures and countermeasures for current security challenges and threat landscape.

• Independently architect, implement, deploy, and deliver solutions for various security technologies. 

• Document and publish new security architectural standards and design guidelines. 

• Provide technical expertise, team member mentoring and advice as it relates to security engineering. 

• Assume product ownership, roadmap planning and sprint planning using agile and kanban frameworks. 

• Ensure compliance with the latest regulations, standards, and laws related to information security and data confidentiality. 

• Develop automation to improve security detection, scanning and remediation using custom scripts and “as-code” methods. 

• Recommend new security technologies, processes and policies to reduce application and technology risk. 

• Participate in security audits and assessments to provide evidence, interpret security controls and design technology solutions to maintain security certifications and frameworks. 

Education and/or Experience

• Bachelor's degree in computer engineering, computer science, information technology, cybersecurity, or other related field (or equivalent work experience) required

• 3+ years of experience in security engineering or 5+ years in security analyst, IT, computer engineering experience.  

• Security Certifications preferred: CompTIA, AWS/GCP/Azure, GIAC, ISC2, EC-Council

• Experience with scripting and programming languages, including integration with APIs, such as Python, Perl, PowerShell, Bash, Java, Javascript, and Go. 

• Experience in managing and monitoring a security architecture and ecosystem. 

• Experience with cloud native platforms such as workloads, images, Kubernetes, serverless, cloud databases, load balancers, web application firewalls, etc. 

• Experience building deployment pipelines, e.g., GitHub Actions. 

• Experience with engineering/operational support of cloud configuration in AWS, Azure, or Google Cloud 

• Financial Services or other highly regulated Industries experience preferred 

Required Skills/Abilities

• Knowledge in Application, Cloud, and Infrastructure security. 

• Skilled in DevSecOps practices and source control management tools such as GitHub, Bitbucket etc.  

• Skilled in implementing Infrastructure or Policy as Code (Terraform, OPA) 

• Strong understanding of cloud service delivery models: containers, storage, and networks; virtual infrastructure management  

• Familiarity with multiple security, vulnerability and threat frameworks such as NIST CSF, SOC2, ISO 27001, OWASP, EPSS, MITRE, CVSS, etc. 

• Excellent analytical and problem-solving skills. 

• Strong documentation and project management skills. 

• Team oriented individual who can work on any size team. 

• Ability to independently learn and work on multiple subjects and projects with minimal supervision and guidance. 

• Ability to solve problems to independently and consistently handle production/business problems to successful resolution. 

Work Environment

• This job operates in a hybrid, office environment.

#engineering #associate #full-time #LI-SD1 #APEX