Senior Information Security Engineer

Summary

Join Brooks' Information Security team as a Senior Information Security Engineer to lead critical security initiatives. You will serve as a security consultant to internal IT, designing and implementing security controls across our infrastructure. This role requires a deep understanding of security technologies and a proven track record in improving information security programs. You will be responsible for incident handling, maintaining situational awareness, and advocating for security best practices within the business. Brooks offers a competitive salary, robust benefits package including medical, dental, vision, life insurance, disability insurance, 401k, paid time off, and more. This is a significant ownership opportunity to contribute to Brooks' continued success.

Requirements

• Bachelor’s degree in IT, Computer Science or related discipline preferred
• 7 years’ experience maturing and improving information security programs
• Comfortable leveraging outside experts for implementation assistance and support
• System engineer level understanding of infrastructure technologies such as Active Directory, virtualization, and Windows operating systems
• Functional knowledge of modern networking protocols such as TCP/IP, IPSEC, VPN, MPLS, and SD-WAN
• Understanding of cyber kill chain as it relates to attacks by cyber-criminals against corporations
• Experience implementing security controls including IDS/IPS, firewalls, EDR, MFA, SSO, PAM, and email filtering
• Experience using SIEM tools for log collection, incident detection, and investigation
• Excellent written and verbal communication skills
• Persuasive negotiator able to exert influence without authority
• Experience identifying cost-effective solutions for complex problems within corporate enterprise
• Excellent analytical, troubleshooting, and problem-solving skills
• Solid grasp of vulnerability management, including an understanding of the process and activities associated with vulnerability identification and remediation
• Demonstrated ability to identify security events based on network, computer, and user behavior and investigate to eliminate false positives
• Demonstrated ability to identify security vulnerabilities in proposed solutions and suggest alternatives that accomplish business goals while reducing risk
• Experience hardening and applying modern security standards across servers, workstations, SaaS-based solutions, and network equipment
• Demonstrated track record staying up to date with Information Security and threat intelligence knowledge across the security and tech communities
• Knowledge of security frameworks and methodologies such as CIS Top 18, NIST Cybersecurity Framework, and PCI DSS
• Remain flexible in your point-of-view to support the direction taken by the business
• Possess solid understanding of cryptography basics (public/private keys, TLS certificates, PKI, etc.)

Responsibilities

• Ensure the rigorous application of cybersecurity policies, principles, and practices in the delivery of all IT and cybersecurity services
• Design, and implement cost-effective, controls to reduce business risk from real-world attacks such as ransomware, DDoS, data theft, and account takeovers
• Design and optimize our network boundary protections and sensitive data flows using tools such as firewalls, VPNs, IPS/IDS, CASB, wireless security, network access controls, and web and email security
• Implement and support Single Sign-on, PAM, Multi-factor Authentication, Enterprise Mobility Management, security certificates and the SIEM solutions
• Identifies, plans, and documents improvements to security controls already in place
• Play an advisory role in IT projects to assess security requirements and controls and to ensure that security controls are implemented
• Lead or manage efforts on penetration testing, code reviews, design/architecture, and system security reviews
• Assess applications and the associated data flows for risk to sensitive data, systems, or infrastructure
• Provide management and business clients with information related to security and threat trends to protect the company from internal and external intrusions and risks
• Act as an agent of security awareness, foster and influence good internal information security practices through presentations, training, and other communication opportunities
• Act as an escalation point in the investigations of cyber alerts, events, and incidents to ensure thorough investigation and response
• Review and recommend improvements to incident response process and procedures and lead annual exercises
• Validate Hardware and Software Inventories
• Ensure all systems and devices on the company network are adequately patched and hardened
• Maintain a current awareness of information security issues and trends and provide educational briefings to peer groups within the Information Technology department
• Maintain professional security certifications and accreditations
• Other responsibilities as required

Preferred Qualifications

Professional certifications such as GCIH, CISSP, CySA+ a plus

Benefits

• Medical, dental, vision, life and AD&D insurance, disability insurance, HSA and employer contribution, FSA, family & fertility assistance, 401K Savings Plan and match, employee assistance program, and transportation assistance
• Up to five weeks of paid time off, eleven paid holidays, paid sick and parental leave
• Annual bonus based on company performance
• Product discounts, employee recognition, fitness discounts, volunteer and donation benefits