Information Security Engineer II

Deliver security requirements and coordinate information security risk assessments to ensure compliance with the Cooperative policy, standards, procedures, and industry best practices. Assist with the assessment of security risks associated with new applications and products, provide security requirements based on the Information Security Policy, coordinate vulnerability assessments, and present an overall risk assessment for the project. This role will focus on the engineering aspect of Information Security.

Job Duties and Responsibilities:

• Anticipate prevention of possible security threats and identify areas of weakness
• Serve as the primary Information Security Engineer for all Applications, Platforms, and Environments
• Provide Engineering support and threat analysis to maintain infrastructure compliance
• Assist with troubleshooting and resolve system incidents with various teams
• Remediate identified security vulnerabilities and findings
• Partner with cross-functional teams in designing and working with different team Architects for solutioning
• Apply Security Standards & Controls to Daily Operations & Practices
• Recommend specific measures, process improvements, and best practices to improve the security posture
• Design, implement, and maintain IT security systems
• Review Threat Intelligence reports and feeds, and make recommendations for profile or toolset changes
• Provide on-call responsibilities outside of regular business hours, as needed
• Perform, review, and analyze security vulnerability data to identify applicability and false-positives
• Perform information security due diligence during vendor onboarding
• Collaborate with other departments in their daily security requirements
• Cultivate a culture of security awareness and arrange continuing education of personnel to ensure security policies are always adhered to
• The requirements herein are intended to describe the general nature and level of work performed by employee, but is not a complete list of responsibilities, duties, and skills required. Other duties may be assigned as required

Minimum Requirements:

Education and Experience

• Bachelor's degree in Information Technology, Computer Science or related field preferred
• 3 to 5 years of experience in information security and/or IT risk management with a focus on security, performance, and reliability
• Experience and knowledge in system and network administration across multiple platforms and environments is required
• Progressively increasing experience in the Information Technology and Security field
• Experience across the information security domain, such as endpoint security, SIEM, IDS/IPS, identity management, vulnerability management, incident response, and threat intelligence
• Experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets
• Experience with MDM/MAM Solutions is preferred
• Certification and/or License -

Knowledge, Skills and Abilities

• Broad technical knowledge of current and emerging cyber threats, as well as security technologies and methods used to protect both corporate, plant, and customer-facing network infrastructures.
• Able to work as a team member to consult with internal teams on security topics, providing designs, reviews, and recommendations in compliance with the Cooperative policy, standards, procedures, and industry best practices
• Knowledge and understanding of NIST, ISO 27001, or any security framework
• Knowledge and understanding of security endpoint, vulnerability, risk, and forensic logging
• Knowledge and solid understanding of security engineering, security protocols, cryptography, authentication, authorization, access
• Knowledge and experience implementing security solutions with design understanding of technology integration
• Able to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills
• Excellent teaching, problem-solving, communication, and interpersonal skills
• Able to exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS, and Web
• Able to flow from black box to grey box to white-box tests
• Able to effectively work with the engineering teams to provide technical risk assessment of technologies in networks, applications, code reviews in the release management cycle
• Able to perform vulnerability assessments and penetration testing, utilizing tools - commercial and open source.
• Able to write technical reports that include suggested resolution for identified problem areas and perform the operational risk assessment
• Must be able to read, write and speak English

An Equal Opportunity Employer