As an information security engineer, you have experience implementing components of information security solutions and processes, enjoy new challenges & fast-paced initiatives, have the knowledge and technical expertise to take on new challenges within the information security program, and have performed roles in security operations. You thrive to search and eliminate vulnerabilities through your own prowess in threat hunting or leading a team of service providers to perform this role. You are a key resource in assisting with projects across multiple domains including network security, risk/vulnerability management, SaaS solutions, and automation. In this role, you will collaborate with other members of the Infrastructure and Security teams to ensure IT services are running properly.
- Assist with the implementation and operations of various security domains including vulnerability management, network security, data security, patch management, penetration testing, security operational alerts, threat hunting, IAM, lifecycle mgmt., CASB, endpoint detection & response, or other critical area of our service.
- Work with new information security solutions that balance business requirements with information and cybersecurity requirements.
- Review current system security measures, recommend, and implement enhancements to improve or maintain IEM Information Security posture.
- Partner with GRC resources to optimize policies, develop baseline and standards, and assist with roadmap planning.
- Assist with the planning and design of security architectures for various business needs including new SaaS implementations, integrations, key R&D / Manufacturing projects, IT infrastructure, and automations.
- Document and update security procedures and standards.
- Carry out the supervision and delivery of network and server projects and modify/tweak systems so as to improve output
- Responsible for the regular review, maintenance, and upgrade of network services
- Upgrade and configure network and servers system software that supports Company’s infrastructure applications per project or operational needs.
- Perform ongoing performance tuning, hardware upgrades, and resource optimization as required.
- Responding to and triaging alerts for network and servers systems
- Perform troubleshooting of issues and write RCA documentation as appropriate
- Collaborate with other IT functions; Provide advisory level services include solution design and architecture support.
- Maintain security by monitoring and ensuring IEM systems are meeting the compliance needs of the organization
- Investigate security related alerts and analyze events for impact and escalation
- Assist in preparing documentation and solutions that remediate security issues and cyber incidents.
- Work closely with other members of the security operations and engineering team.
- Stay current on information security trends and news, including researching emerging technologies and maintain awareness of current security risks.
- Participate in security vulnerability assessments and penetration tests on systems and applications.
- Participate in periodic policy compliance reviews, risk assessments, and control testing with evidence collection.
- Participate in internal security audits and investigations.
- Participate in rotating on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business.
· Education & Experience:
o Bachelor's degree in Computer Science, Information Systems, a related field, or equivalent work experience, is required.
o Hands-on Information Security management experience.
o 12+ years of total technical experience in IT networking systems such as network & Firewalls, VLANs, Layer2 topologies, wireless, and routing.
o Demonstrated ability to utilize emerging technologies to design and implement security solutions; monitoring and improving those solutions while working with an information security team
o Experience with designing security solutions for on premise and cloud computing, including protections against data breaches, hacking, account hijacking, malicious insiders, third parties, authentication attacks, APTs, data loss, and DoS attacks
o Experience with identity and access management and privilege account management; tracking and creating/enforcing policies that govern access sensitive technology resources and information assets
o Minimum of 3 years of hands-on experience in an Information Security role.
o Manufacturing / hi-tech industry experience a plus.
· Technical Skills:
o Knowledge of the following areas: Network, Data Centers (On-Premise and Cloud), Windows and Linux Security, Networking Security, Vulnerability Management, Cloud Security, Identity and Access Management, Data Classification & Prevention techniques, Security Operations concepts, and procedures including Red Team / Blue Team exercises, active threat hunting, and / or incident response management & reporting
o Understanding of security concepts and hands-on with tools and systems such as firewalls, IDS/IPS, SIEM, EDR, NDR, manage antivirus/antimalware, patch management, NAC, IOT, DLP, and vulnerability scanners.
o Industry certification is a plus: GIAC Security Essentials, Certified Ethical Hacker, GIAC Certified Incident Handler, Certified Security Administrator (firewall), CISSP, CISA, CISM, CompTIA Security+, Cisco CCNP, VMWare VCP, Microsoft, other relevant certifications.
o Programming knowledge, a plus (Perl, Python, C, PowerShell, Ruby, SOAP, XML, Java/Hadoop).
o Knowledge of compliance and regulatory program requirements a plus (such as SOX, SOC, CIS, NIST, ISO standards).
· Language Skills:
o Excellent written and verbal communication skills, demonstrating the ability to write with purpose, clarity, and accuracy to both technical and non-technical audiences.
· Other Skills, Abilities, and Qualifications:
- Effective critical thinking and analytical skills
- Proven technical leadership, project, and team-building skills, including the ability to lead initiatives
- Self-motivated, organized, and able to multi-task, prioritize, and adhere to deadlines.
- Able to operate independently and effectively.
Schedule: This is a permanent, full-time remote position. Upon request, you must be willing to travel to our South Surrey office location at your manager’s discretion.
About IEM Canada:
IEM Canada, (Industrial Electric Mfg. Canada, Inc. in Surrey, BC is the largest independent full-line manufacturer of custom electrical distribution and power quality equipment in North America. This position offers an opportunity with a very employee-oriented company with competitive compensation and good benefits.