Job Description

Overview:

Your Future. Secured. ISC2 is a force for good. As the world's leading nonprofit member organization for cybersecurity professionals, our core values -- Integrity, Advocacy, Commitment, Diversity, Equity & Inclusion and Excellence -- drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provide an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you'll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization -- an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes. Learn more.
Position Summary:

The Security Engineer is a key member or the Security Team, responsible for safeguarding our organization's computer networks and systems. The incumbent will be expected to plan and carry out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks utilizing in-place tools and procedures. This role will work closely with our Infrastructure, Development, and Release teams.
Responsibilities:
Assist with the administration and maintenance of the co-managed Security Information and Event Management (SIEM) platform, including tasks such as configuring event feeds, verifying logging levels, and maintaining alerts, notifications, and reporting dashboards under supervision. Support administration of enterprise application control systems, including applying security policies, performing risk checks on new software installations, and helping integrate alerts with other security tools. Contribute to the implementation and maintenance of Identity and Access Management (IAM) controls, helping ensure consistent application of access provisioning and de-provisioning processes. Participate in vulnerability assessments, penetration testing, and internal audits by collecting evidence, running scans, and drafting preliminary findings. Provide technical support in responding to security incidents, including investigating alerts, performing initial containment actions, and escalating as appropriate. Assist in evaluating submitted software, cloud services, and third-party suppliers by gathering technical details, running scans, and documenting results. Help maintain departmental security documentation, including system diagrams, configuration baselines, and response playbooks. Support the collection and analysis of security metrics and contribute to reporting for management. Collaborate with senior engineers and cross-functional teams on projects, gaining exposure to new technologies and their integration into the environment. Perform other duties, as assigned.

Qualifications:
Familiarity with cyber security frameworks (e.g., NIST CSF, CIS Controls, PCI-DSS or ISO 27001). Experience using reporting and visualization tools such as Power BI or Excel. Exposure to SIEM tools, vulnerability scanners, or ITSM platforms is advantageous. Ability to use Security Assessment tools, identify gaps in security capabilities for third-party suppliers, software deployments, and IT services. Proficient in report generation and technical writing. Practical knowledge and understanding of security risk and compliance, policy management, and governance. Practical knowledge and understanding of risk management frameworks. Practical knowledge and understanding of conducting risk assessments and regulatory compliance. Working knowledge of project planning and execution processes.

Education and Work Experience:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field or five (5) years of professional experience in a cyber security, security operations, or IT security support role and relevant industry certification such as CompTIA Security+, SSCP, or ISC2 Certified in Cyber Security (CC) will be considered in lieu of a degree. 2-3 years of professional experience in a cyber security, security operations, or IT security support role. At least one relevant industry certification such as CompTIA Security+, SSCP, or ISC2 Certified in Cyber Security (CC), or must be willing and able to obtain certification within 12 months of hire.

Physical and Mental Demands:
Ability to travel up to 10% of time, may also include overnight and international travel. Work normal business hours and extended hours when necessary. Remain in a stationary position, often standing or sitting, for prolonged periods. Regular use of office equipment such as a computer/laptop and monitor computer screens. Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computer components.

Equal Employment Opportunity Statement:

All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.