UTA Systems
Responsible for communicating with cross-functional Software development Teams to create processes related to automation to reduce manual work or to build software products and automation tools related to Information Security Engineering.
Information Security Engineer is responsible for coordinating with development teams to build secure software products and automated tools aligned with organizational security and compliance standards.
Architect and deploy security controls using Zero Trust and Defense-in-Depth models. Implementation and maintenance of standard ISMS (ISO 27001) , SOC 2 assessments, and third-party risk management.
Perform vulnerability assessments, security audits, and risk reviews using tools like Qualys, Nessus and OpenVAS,. Conduct internal/external IT audits, regulatory reviews, and BIA assessments.
Conduct network traffic analysis, threat detection, and performance monitoring using SIEM tools (Splunk, ArcSight, ELK), while automating compliance audit workflows and incident response via SOAR platforms.
Conduct secure code reviews and application testing (SAST/DAST) using tools like SonarQube and Veracode,; review cybersecurity policies, standards, and ensure compliance with ISO 27001, NIST 800-53, CIS, and HIPAA
Implement and manage NGFWs, WAFs, SWGs, and EDR/XDR platforms (e.g., Palo Alto, Fortinet, Zscaler, CrowdStrike) to safeguard infrastructure.
Design secure hybrid/multi-cloud architectures (AWS, Azure, GCP) and enforce security baselines using native tools (GuardDuty, IAM, Security Center) and IaC scanners (Checkov, Snyk IaC, Terraform Sentinel).
Administer IAM platforms (AD, Azure AD, Okta, Ping), enforce RBAC/ABAC policies, manage PKI and cryptographic operations.
Qualifications &Experience
Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, Software Engineering, Computer Engineering, or a related technical field. Equivalent combinations of education, certifications, or work experience are acceptable. 5+ years of experience in Information Security, Cybersecurity, or related domains. Proven experience in securing enterprise IT environments, conducting risk assessments, and implementing compliance frameworks. Experience with cloud-native security tools and hybrid cloud environments is a strong advantage. Industry-recognized certifications such as CISSP, CISM, CEH, CompTIA Security+, OSCP, or equivalent are highly desirable. Strong understanding of cybersecurity frameworks (ISO 27001, NIST 800-53, CIS, SOC 2, HIPAA). Experience with SIEM, SOAR, SAST/DAST tools, and vulnerability scanners. Proficiency in securing cloud infrastructure (AWS, Azure, GCP) and using IaC security tools. Familiarity with IAM platforms, RBAC/ABAC policy enforcement, and cryptographic standards. Knowledge of scripting (e.g., PowerShell, Python, Bash) for automation and audit processes is a plus. Excellent communication, documentation, and stakeholder management skills. Strong analytical thinking, attention to detail, and problem-solving abilities. Ability to work collaboratively with cross-functional teams and independently handle security tasks. Proactive mindset in identifying security risks and recommending mitigations. Commitment to staying current with cybersecurity threats, tools, and regulatory changes. Availability for off-hours incident response or compliance activities as needed.
#J-18808-Ljbffr
Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Computer Science, Software Engineering, Computer Engineering, or a related technical field. Equivalent combinations of education, certifications, or work experience are acceptable. 5+ years of experience in Information Security, Cybersecurity, or related domains. Proven experience in securing enterprise IT environments, conducting risk assessments, and implementing compliance frameworks. Experience with cloud-native security tools and hybrid cloud environments is a strong advantage. Industry-recognized certifications such as CISSP, CISM, CEH, CompTIA Security+, OSCP, or equivalent are highly desirable. Strong understanding of cybersecurity frameworks (ISO 27001, NIST 800-53, CIS, SOC 2, HIPAA). Experience with SIEM, SOAR, SAST/DAST tools, and vulnerability scanners. Proficiency in securing cloud infrastructure (AWS, Azure, GCP) and using IaC security tools. Familiarity with IAM platforms, RBAC/ABAC policy enforcement, and cryptographic standards. Knowledge of scripting (e.g., PowerShell, Python, Bash) for automation and audit processes is a plus. Excellent communication, documentation, and stakeholder management skills. Strong analytical thinking, attention to detail, and problem-solving abilities. Ability to work collaboratively with cross-functional teams and independently handle security tasks. Proactive mindset in identifying security risks and recommending mitigations. Commitment to staying current with cybersecurity threats, tools, and regulatory changes. Availability for off-hours incident response or compliance activities as needed.
#J-18808-Ljbffr