Information Security Engineer

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Information Security Engineer based in United States.

This role plays a key part in strengthening enterprise security operations, ensuring robust protection of systems, data, and cloud environments across a complex technical ecosystem. You will be responsible for advancing vulnerability management, incident response, and continuous compliance with leading security frameworks such as ISO 27001 and SOC 2 Type II. Working closely with engineering, DevOps, IT, and compliance teams, you will help embed secure-by-design principles into infrastructure and development workflows. The position offers broad exposure to modern security tooling, automation practices, and cloud security environments. It is ideal for a hands-on security professional who thrives in operational security as well as strategic improvement initiatives. You will also contribute to maturing security processes, improving detection and response capabilities, and reducing organizational risk exposure. This is a high-impact role where your work directly strengthens the overall security posture and resilience of the organization.

This role is responsible for executing and improving security operations, vulnerability management, incident response, and compliance monitoring across enterprise systems, while partnering with cross-functional teams to ensure secure and compliant environments.

• Lead vulnerability assessments, security audits, and risk analysis using industry tools such as Nessus, Tenable, and Burp Suite, ensuring timely remediation of identified issues.
• Monitor, investigate, and respond to security alerts and incidents, performing root cause analysis and recommending corrective actions to strengthen defenses.
• Maintain and enhance continuous compliance programs aligned with frameworks such as ISO 27001:2022 and SOC 2 Type II, with exposure to NIST-based standards.
• Collaborate with IT, DevOps, Engineering, and Compliance teams to enforce security policies, best practices, and secure system configurations.
• Support and improve security monitoring, automation, and tooling for endpoints, networks, cloud environments, and identity systems.
• Contribute to security documentation, reporting, and process improvements to enhance organizational maturity and operational efficiency.

Requirements:

This position requires strong hands-on experience in information security operations, vulnerability management, and compliance frameworks, along with the ability to work cross-functionally in technical environments.

• 5+ years of experience in information security, cybersecurity engineering, or a related technical security role.
• Strong experience with vulnerability scanning tools (Nessus, Tenable, Burp Suite) and interpreting results for remediation.
• Solid understanding of security frameworks such as ISO 27001, SOC 2, and familiarity with NIST 800-53 / 800-171 preferred.
• Experience with security operations including incident detection, response, and root cause analysis.
• Knowledge of network security concepts such as firewalls, VPNs, IDS/IPS, endpoint protection, and cloud security principles.
• Familiarity with automation and scripting (Python, PowerShell) for security workflows is highly desirable.
• Relevant certifications such as CISSP, Security+, or equivalent are strongly preferred.
• Strong analytical mindset, attention to detail, and ability to manage tasks in fast-paced environments.

Benefits:

• Competitive compensation based on experience
• Medical, dental, and vision insurance coverage
• 401(k) retirement savings plan
• Paid time off, parental leave, and global holiday programs
• Wellness and employee assistance resources
• Flexible and remote-friendly work environment
• Professional development and training opportunities
• Additional global benefits depending on eligibility and location