SUMMARY:

 

The Information Security Engineer is responsible for assisting in securing the production network, collaborating with cybersecurity leadership, and working with other IT teams to maintain and enhance Pace's cybersecurity posture.

 

ESSENTIAL FUNCTIONS:

Support and improve the cybersecurity posture across all Pace environments. Collaborate with cybersecurity vendors to address threats identified through monitoring systems. Work closely with internal IT teams to implement ongoing security improvements. Participate in incident response activities and assist in resolution. Provide operational security and safety guidance to managers and staff for higher-risk projects and activities. Ensure systems are regularly patched, and automation/tools are in place to protect internal systems. Identify security vulnerabilities in services or processes and collaborate with teams to strengthen security practices. Manage internal security-related tools and services, including endpoint protection and endpoint patching. Participate in change management processes related to security. Stay up-to-date with the latest information security trends, research, and training; serve as a subject-matter expert for Pace. Contribute to the department's efficiency and effectiveness by providing suggestions and actively participating in work teams. Promote a positive, cooperative, and effective workplace environment when interacting with staff and customers. Contribute to the creation and enforcement of security policies, procedures, and standards to ensure alignment with industry best practices and regulatory requirements. Assist in internal and external audits to ensure compliance with security standards, regulations, and policies. Document security incidents and breaches, providing thorough analysis and post-mortem reports to ensure lessons are learned and future risks are mitigated. Participate in continuous improvement initiatives by identifying opportunities to optimize security processes and improve response times to incidents. Support security awareness training programs to promote best practices and mitigate risks.

QUALIFICATIONS:

 

Education and Experience:

Associate's or Bachelor's degree in computer science, information systems, cybersecurity, or a related field. Four (4) years of professional experience in infrastructure or security roles, or an equivalent combination of education, training, and experience.

Required Knowledge:

Basic understanding of firewall configuration, management, and updates. Knowledge of IAM best practices, including SSO, MFA, and RBAC. Knowledge of network protocols (e.g., TCP/IP, DNS, HTTP/HTTPS) and their relation to security practices. Understanding of cryptographic protocols (SSL/TLS, AES, RSA) and key management practices. In-depth knowledge of EDR solutions and their use in detecting, investigating, and responding to threats. Knowledge of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and GDPR, as well as their practical implementation. Ability to create clear documentation and user instructions. Understanding of customer/employee support practices, including troubleshooting, ticket management, and resolving technical issues in a timely and professional manner. Knowledge of desktop operating systems (e.g., Windows, Linux) and common software applications, with the ability to troubleshoot and resolve hardware and software issues. Proficiency in correct business English, including spelling, grammar, and punctuation.

Required Skills:

Ability to assess, prioritize, and mitigate vulnerabilities, as well as work with vulnerability management tools. Knowledge of hardening Linux and Windows environments. Basic knowledge of scripting languages (e.g., Python, PowerShell) for automating security tasks. Strong skills in incident detection, containment, eradication, and recovery. Knowledge of risk management principles, including identifying, evaluating, and mitigating security risks. Ability to prepare clear, concise documentation, reports, and user instructions. Familiarity with conducting or supporting audits related to compliance. Capacity to work independently and use initiative within established procedural guidelines. Strong teamwork skills and ability to contribute effectively to achieving team goals. Ability to clearly communicate technical findings to non-technical stakeholders and write detailed security reports. Strong communication and problem-solving skills for providing efficient and effective support to both customers and employees, including managing service requests, tracking issues, and providing follow-up as needed. Proficient in diagnosing and resolving issues, including software installation, hardware troubleshooting, system updates, and user account management.

PHYSICAL/MENTAL REQUIREMENTS:

The physical demands described herein are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Mobility to work in an office setting, use standard office equipment, and stamina to sit for extended periods of time. Strength to lift and carry up to 20 pounds. Vision to read printed materials and computer screens. Hearing and speech to communicate in person or over the telephone.

 

WORKING ENVIRONMENT:

Work is performed in an office or home office setting.