Information Security Engineer

Keyfactor

📍 Remote - United States

Job highlights

Summary

Join Keyfactor as an Information Security Engineer and play a key role in safeguarding our organization's data and infrastructure. This remote US-based position requires 5+ years of experience in information security, proficiency in vulnerability scanning tools, and a strong understanding of security standards. You will design, maintain, and improve our security infrastructure, ensuring compliance with regulatory standards like ISO 27001:2022 and SOC 2 Type II. Responsibilities include conducting vulnerability assessments, managing continuous monitoring processes, collaborating with various teams, and responding to security alerts. Preferred qualifications include experience with government compliance frameworks and relevant certifications. Keyfactor offers a comprehensive benefits package including unlimited time off, generous parental leave, and a strong company culture.

Requirements

  • 5+ years of experience in information security or a similar role
  • Proficiency in vulnerability scanning tools (Nessus, Burp Suite, Tenable, etc.) and interpreting scan results for remediation
  • Strong knowledge of security standards
  • Demonstrated experience in continuous monitoring, network security, firewalls, VPNs, IDS/IPS, and endpoint protection
  • Strong analytical skills and a meticulous approach to problem-solving
  • Demonstrated capability to deliver results on time and to a defined schedule
  • Applicants must hold U.S. citizenship or U.S. permanent resident status

Responsibilities

  • Conduct vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burp Suite, etc.) to support a proactive security posture
  • Manage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirements
  • Collaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practices
  • Actively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actions
  • Provide expert guidance on security matters to support secure development and operations
  • Assist in developing, managing, and updating security documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other Risk Management Framework artifacts required by FedRAMP
  • Apply and validate Security Technical Implementation Guides (STIGs) and government guidelines to configure and secure systems according to federal standards across multiple operating systems, system types, and technologies

Preferred Qualifications

  • Relevant certifications (e.g., CISSP, CompTIA Security+, CAP) are strongly preferred
  • Familiarity with cloud security principles
  • Experience with security automation and continuous monitoring tools
  • PKI knowledge a plus
  • Knowledge of scripting languages (Python, PowerShell) to automate security processes
  • Experience in STIG configuration and implementation, and best practices for implementing these in various environments, preferred
  • Expertise in government-related InfoSec compliance frameworks such as NIST 800-53 and NIST 800-171 preferred
  • Experience with government-regulated environments (AWS GovCloud, Azure Government) preferred

Benefits

  • Second Fridays (a company-wide day off on the second Friday of every month)
  • Comprehensive benefit coverage, paid for by the company for you and your dependents (US)
  • Generous paid parental leave (US)
  • Unlimited time off (US) and competitive time off globally
  • Monthly talent development and cross-functional meetings to support professional development
