Information Security Engineer
- IT - Security
- Middleton, WI, USA
- Full Time
- Medical, Dental, Vision, Open Vacation Plan; Matching 401(k); Co. Paid Life Ins, STD, LTD; Generous Paid Sick & Family Bonding Leave; Tuition & Educational Reimbursements
Want to join an exciting and collaborative company that offers competitive compensation and benefits packages – including an innovative open vacation plan; generous paid sick and family bonding leave; fully vested matching 401k; Company Paid Life Insurance, Short Term & Long Term Disability plans; professional and educational growth opportunities, flexible and casual work environment, and recognition for exceptional performance?
CapSpecialty seeks an Information Security Engineer. The role of the Information Security Engineer is to partner with various business and IT stakeholders in recommending, engineering, operationalizing, and administering CapSpecialty's cybersecurity components to:
- Mitigate internal and external risks
- Meet company and regulatory compliance requirements
- Provide comprehensive operational monitoring and reporting
The Information Security Engineer will participate in compliance reviews and reporting of internal and regulatory requirements and security best practices that ensure the availability, integrity, and confidentiality of data and other IT assets. The Information Security Engineer will be responsible for providing periodic off-hour support, e.g., evenings and/or weekends, as needed.
- Provide subject matter expertise, recommendations, guidance, and support to ensure the necessary risk-based / cost-effective security architecture and safeguards are in place and operating effectively to protect data and other IT assets from intentional or inadvertent modification, disclosure, or destruction.
- Participate in the procurement and then lead in the configuration, deployment, operation, and monitoring of enterprise-wide security initiatives.
- Engage stakeholders to elicit requirements and facilitate discussions as needed. Develop and execute a requirements attainment strategy for new projects. Track project status/deliverables and assist in the completion of software documentation and training material.
- Participate in establishing, and perform ongoing monitoring and reporting to management on, the Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) of assigned cybersecurity program components; perform miscellaneous additional operational tasks of varying periodicity, as assigned.
- Participate in the investigation of IT security incidents and lead or assist, as necessary, subsequent incident response activities.
- Interact closely with the Network, Applications and Database teams regarding items directly or indirectly pertaining to security and provide security mentoring; monitor work to ensure security best practices are being followed and compliance obligations are being met.
- Provide problem resolution support, as needed, and contribute to other activities, as assigned.
- Participate with outside vendors and internal staff to conduct independent security audits / gap assessments, perform review of adverse findings, recommend mitigations, and help evolve the IT Security strategy / roadmap.
- Participate in the development, implementation, enforcement and maintenance of company security policies and associated documents which address approved best practices and compliance requirements.
Education and Experience:
- BS Degree in Computer Science or equivalent, with 7 years of network engineering, systems administration, public cloud, software development or IT security experience.
- Proven understanding of security controls and technologies including firewall, SIEM, DLP, WAF, and IPS.
- Familiarity with compliance and security standards and guidelines such as NIST, CIS, ISO 27001/2, and PCI DSS is desirable.
- Familiarity with enterprise identity access management and namespace services (e.g., Active Directory, LDAP, DNS, OAuth, SAML, Public Cloud IAM) is desirable.
- Expertise with enterprise certificate management and PKI services.
- Provide guidance, direction, and support to the rest of CapSpecialty and the Information Technology team.
- Working knowledge of network/security infrastructure, and data center modeling, analysis, and planning.
- Experience with implementing cloud security principles and practices.
- In-depth knowledge of security and network operations.
- Must be able to track project status/deliverables, identify issues/risks, and assist in the completion of documentation, training material, and mentoring.
- Proven ability to deal well with ambiguity, prioritizing needs and delivering measurable results in an agile, fast-paced environment. Excellent analytical, problem solving, and time-management skills.
- The ability to develop collaborative working relationships across various technical and business units.
- Excellent oral and written communication skills. Ability to present complex technical topics to a wide range of internal and external audiences.
- Must be highly self-motivated requiring minimal direction.
- High levels of enthusiasm, energy, and goal-orientation.
CapSpecialty is a leading provider of specialty insurance and bonds for small- to mid-sized businesses in the U.S., offering commercial Casualty, Professional Liability, Surety and Fidelity products in all 50 states and the District of Columbia. By working with select partners through a limited distribution model, CapSpecialty's creative, hard-working team provides personalized service and cultivates mutually successful partnerships to deliver positive results. CapSpecialty's carriers have an A ("Excellent") rating from A.M. Best, writing both admitted and non-admitted policies on the paper of Capitol Indemnity Corporation, Capitol Specialty Insurance Corporation and Platte River Insurance Company – Berkshire Hathaway companies. For more information please visit CapSpecialty.com.
Equal Employment Opportunity Employer