Information System Security Engineer (Pipeline)

Electrosoft

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's in Computer Science, Information Security, or a related field.
  • 5+ years in information security with an emphasis on risk assessment and vulnerability management.
  • Strong grasp of vulnerability management frameworks like NIST 800-53, OWASP.
  • Familiarity with vulnerability scanning and penetration testing tools such as Nessus, Qualys, and Metasploit.
  • Proficient in various operating systems (Windows, Linux) and associated security protocols.
  • Experience with automation scripting using Python or PowerShell.
  • Strong analytical, problem-solving, and communication skills.
  • Preferred relevant certifications (CISSP, CISA, CISM, OSCP, CEH).

Responsibilities

  • Plan and conduct comprehensive security risk assessments.
  • Analyze business impacts and assess vulnerability data to define risk levels.
  • Maintain a risk register to track mitigation plans and remediation efforts.
  • Perform regular vulnerability scans using industry-standard tools.
  • Prioritize identified vulnerabilities for timely remediation and patching.
  • Enhance the vulnerability management process through automation.
  • Deliver security awareness training on best practices to staff and stakeholders.
  • Ensure compliance with security regulations and prepare related reports.

Benefits

  • Opportunities for professional development and training.
  • Flexible work environment with options for remote work.
  • Participation in industry conferences and seminars.
  • Access to the latest security tools and technologies.
  • Health and wellness programs to support staff well-being.
Full Job Description
Summary:

The Security Engineer - Risk & Vulnerability Management is a key member of the Information Security team, responsible for proactively identifying, assessing, and mitigating security risks associated with the organization's servers, software applications, and cloud infrastructure. This role requires a deep understanding of vulnerability management best practices, and risk assessment frameworks. The Security Engineer will work closely with IT teams to ensure timely remediation of vulnerabilities and the implementation of effective security controls.

Responsibilities:
  • Risk Assessment & Management:
    • Plan, execute, and document comprehensive security risk assessments of servers (on-premise and cloud), software applications (web and desktop), and infrastructure components.
    • Analyze business impact, threat landscape, and vulnerability data to determine overall risk posture.
    • Develop and maintain a risk register, tracking identified risks, mitigation plans, and remediation progress.
    • Contribute to the development and maintenance of the organization's risk management framework.
  • Vulnerability Management:
    • Perform regular vulnerability scanning using tools such as Nessus, Qualys, Rapid7 InsightVM, or similar.
    • Analyze scan results, identify false positives, and prioritize vulnerabilities for remediation.
    • Collaborate with system administrators, developers, and other IT teams to ensure timely patching and remediation of vulnerabilities.
    • Track and report on vulnerability remediation progress.
  • Security Tooling & Automation:
    • Maintain and improve vulnerability scanning infrastructure.
    • Develop and implement automation scripts to streamline vulnerability management processes.
    • Evaluate and recommend new security tools and technologies to enhance risk assessment and vulnerability management capabilities.
  • Security Awareness & Training:
    • Develop and deliver security awareness training to IT staff and other stakeholders on risk assessment and vulnerability management best practices.
  • Compliance & Reporting:
    • Ensure compliance with relevant security standards and regulations (e.g., PCI DSS, HIPAA, GDPR).
    • Prepare reports on risk assessment findings, vulnerability remediation progress, and overall security posture.
  • Thought Leadership & Customer Engagement:
    • Research and write white papers, blog posts, or articles on emerging cyber threats, security trends, and best practices.
    • Develop actionable recommendations for customers to improve their security posture based on the latest threat intelligence and industry trends.
    • Present findings and recommendations to customers and internal stakeholders.

Basic Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in information security, with a strong focus on risk assessment and vulnerability management.
  • In-depth understanding of vulnerability management frameworks (e.g., NIST 800-53, OWASP).
  • Experience with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7 InsightVM, OpenVAS) and penetration testing tools (e.g., Metasploit, Burp Suite).
  • Strong knowledge of common operating systems (Windows, Linux), networking protocols, and web application security.
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Excellent analytical, problem-solving, and communication skills.
  • Relevant 8140 security certifications (e.g., CISSP, CISA, CISM, OSCP, CEH) preferred.
  • Experience with cloud security (AWS, Azure, GCP)

Similar Jobs

More Jobs at Electrosoft

More Information Technology Jobs

Find similar Information System Security Engineer (Pipeline) jobs: