Security Engineer

Job Description

Security Engineer

Location: Des Moines, IA Job Type: Full-time

Do you have a passion for data security? Are you naturally curious, analytical, and detail-oriented? Do you thrive in a collaborative environment and have experience implementing security best practices? If so, our client is looking for a Security Engineer to help safeguard our technology, network, and data.

This role requires a strong technical background and expertise in networking, data security, and IT security administration.

Key Responsibilities
Security Compliance & Monitoring

• Ensure compliance with our client's Information Security Program and security policies.
• Manage and optimize access review processes to ensure proper data and system access.
• Conduct daily monitoring of security tools (SIEM, firewalls, servers, endpoints) to detect and mitigate threats.
• Perform penetration testing annually, analyze results, and recommend remediation strategies.
• Research, deploy, and manage Palo Alto Firewalls to enhance security monitoring.
• Conduct OWASP penetration testing to identify and mitigate application vulnerabilities.
• Provide recommendations based on monthly external security scans and collaborate on remediation plans.

Threat Management & Incident Response

• Identify and address potential security risks related to network infrastructure, applications, and data.
• Investigate security incidents, gather forensic evidence, and support incident response processes.
• Refine security rules, queries, and filters for SIEM event detection and analysis.
• Support disaster recovery efforts related to cybersecurity threats.

Collaboration & Education

• Work closely with IT Operations to analyze scan results, prioritize risks, and implement best practices.
• Partner with Culture & People teams to educate employees on corporate and IT security policies.
• Conduct third-party and vendor security assessments to ensure compliance with our client's security standards.
• Serve as a security subject matter expert (SME) in internal audits, risk assessments, and client meetings.

Additional Responsibilities

• Ensure PCI compliance and proper security protocols for internet and third-party data access.
• Enforce the use of antivirus, anti-spam, encryption software, and other security tools.
• Stay up to date on emerging security regulations (GLB, SOX, etc.) and implement proactive compliance measures.
• Continuously explore new security technologies and trends to enhance corporate security.
• Serve as a positive role model by representing our client's security expertise and culture.
• Perform other duties as assigned.

Qualifications
Knowledge & Skills

• In-depth understanding of security regulations and corporate asset protection.
• Strong knowledge of Microsoft Active Directory, Cisco firewalls, Azure, switches, and routers.
• Expertise in at least two of the following: networking, data security, IT auditing, or security administration.
• Strong problem-solving and analytical skills to identify security risks and develop solutions.
• Ability to collaborate and communicate complex security concepts to different audiences.
• Highly organized with the ability to manage multiple projects and prioritize tasks effectively.
• Ability to adapt to a fast-paced, ever-changing security landscape.
• Strong written and verbal communication skills.
• Availability to work off-peak hours when necessary to address urgent security risks.

Education & Experience

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).
• Minimum of 6 years of IT-related experience, with at least 2 years in IT security.

Certifications

• Professional cybersecurity certification (e.g., SSCP, CISSP, CISM) required or must be obtained within one year of hire.