Description:
As an Information Security Engineer III, you bring mid-level cybersecurity expertise and the ability to handle complex security engineering tasks with minimal supervision. You collaborate across teams to strengthen the organization’s security posture and play a critical role in designing, implementing, and maintaining secure systems across both on‑premises and cloud environments.
You naturally embed security into IT projects, proactively identify vulnerabilities, and automate controls to reduce risk. Your strong technical foundation in infrastructure, cloud, and application security allows you to partner effectively with development, DevOps, and IT operations teams to ensure security is built into every stage of the software development lifecycle. You also contribute to incident response efforts and mentor junior engineers, driving continuous improvement in security engineering practices.
“I am the person Capital Group is looking for.”
- You own and drive small to medium security projects or work‑streams that enhance the organization’s defenses.
- You conduct advanced threat modeling and in‑depth risk assessments for complex systems to uncover vulnerabilities and drive implementation of secure design patterns or automated controls to mitigate these risks.
- You ensure that configurations align with security policies and that new systems are built with secure defaults.
- You work with software engineers and system owners to prioritize and remediate complex, multi‑service vulnerabilities and misconfigurations.
- You drive strategic security planning and governance by developing and refining security policies, standards, and reference architectures that incorporate industry best practices and address emerging threats.
- You collaborate with senior leadership and cross‑functional teams to ensure security initiatives and roadmaps align with business objectives and compliance requirements.
- You work closely with cross‑functional teams — including DevOps, IT operations, software development, and product management — to embed security into every stage of system development and deployment.
- You translate security findings into actionable tasks for others and follow up to ensure these are implemented.
- You provide technical leadership through activities such as code reviews, design consultations, and hands‑on training sessions, guiding team members in solving complex security challenges and promoting best practices.
- You collaborate with senior leadership and cross‑functional teams to ensure security initiatives and roadmaps align with business objectives and compliance requirements.
- You perform additional responsibilities as assigned.
Required Skills
- You have a Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
- You have a minimum of 3–5 years of experience in core security principles across multiple domains, including identity and access management, cryptography, and network security protocols (e.g., TLS, SSH), as well as secure coding fundamentals.
- You have hands‑on experience applying security frameworks like NIST SP 800‑53 and CIS Benchmarks to harden systems and ensure compliance with best practices, as well as evaluating system configurations against these standards.
- You are proficient in scripting and automation (e.g., Python, PowerShell, or Terraform) to streamline security operations. This includes creating scripts or using IaC for automated patch management, secure‑default environment buildouts, and continuous compliance checks. Experience integrating security tools into CI/CD pipelines is a strong plus.
- You have demonstrated experience in performing security analysis and solving complex problems.
- You have excellent teamwork skills, with the ability to work cross‑functionally and communicate effectively.
- You can mentor junior team members or interns by sharing knowledge and best practices.
- You have professional certifications that demonstrate security knowledge, such as CompTIA CySA+, GSEC, AWS Solutions Architect – Associate, or Azure Security Engineer Associate a plus.