Senior Information Security Engineer

Job Description

We have a position for a Senior Information Security Engineer with one of our clients in Remote for an initial contract duration of 6 months. No third party candidates considered for this position.

Job Title: Senior Information Security Engineer

Location: Remote

Department: Information Security / IT

Reports To: CISO

Job Summary:

We are seeking an experienced and proactive Senior Information Security Engineer to lead the implementation and management of enterprise security technologies and compliance initiatives. This role is instrumental in protecting our infrastructure, data, and users by leveraging industry-leading tools such as CrowdStrike, Mimecast, KnowBe4, and Rapid7. The ideal candidate will also bring deep experience working with SOC 2 Type 2 and HITRUST frameworks to support compliance and risk management objectives.

Key Responsibilities:

Security Engineering & Operations

• Manage vulnerability management programs using Rapid7 InsightVM and InsightAppSec.
• Design, implement, and manage security solutions across cloud and on-prem environments.
• Maintain and optimize CrowdStrike Falcon for endpoint detection and response (EDR).
• Administer Mimecast for email threat protection, encryption, and continuity.
• Support SIEM integrations and develop detection rules based on threat intelligence.

Threat Detection & Incident Response

• Lead threat monitoring, investigation, and incident response efforts.
• Conduct root cause analysis and improve response workflows using playbooks.
• Monitor systems using EDR and vulnerability platforms to proactively identify risks.

Compliance & Risk Management

• Support audits and ensure ongoing compliance with SOC 2 Type 2 and HITRUST requirements.
• Conduct control assessments, gap analyses, and support remediation efforts.
• Collaborate with internal stakeholders and auditors on evidence collection and documentation.
• Stay current on regulatory changes and emerging compliance frameworks.

Security Awareness & Training

• Manage the company’s security awareness program using KnowBe4.
• Run phishing simulations, analyze results, and improve training content and delivery.
• Promote a culture of security awareness across all departments.

Policy, Documentation & Collaboration

• Develop and maintain security policies, procedures, runbooks, and system documentation.
• Collaborate with IT, DevOps, and Product teams to integrate security into all phases of operations and development.
• Assist in third-party vendor assessments and due diligence processes.

Qualifications:

Education & Experience

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• 5+ years of experience in cybersecurity or information security engineering roles.
• Hands-on experience supporting or leading compliance programs for SOC 2 Type 2 and HITRUST.

Technical Skills

• Proficiency with security tools and platforms, including CrowdStrike, Mimecast, KnowBe4, and Rapid7.
• Strong knowledge of enterprise security architecture, cloud security (AWS, Azure, or GCP), and network security principles.
• Experience with SIEM, vulnerability scanning, endpoint protection, and incident response.

Certifications (preferred)

• CISSP, CISM, OSCP, CEH, GIAC, or similar industry-recognized certifications.

Soft Skills

• Strong communication, documentation, and collaboration skills.
• Ability to manage multiple priorities in a fast-paced, dynamic environment.