Information Security Engineer

Role Overview: As a Senior Information Security Engineer, you will lead vulnerability assessments and policy compliance scans across various environments, including on-premises, cloud, containers, databases, and web platforms. Utilizing tools like Qualys, you will validate scan results, eliminate false positives, and deliver accurate reports to stakeholders. Your role will involve analyzing findings, diagnosing root causes, and guiding remediation efforts as a technical subject matter expert. Developing and maintaining a knowledge base to support continuous improvement and staying updated on emerging threats and tools for recommending service enhancements will be key responsibilities. Effective communication of security requirements and the ability to act as an interim team lead when needed are also essential aspects of this role. Key Responsibilities: - Lead vulnerability assessments and policy compliance scans using tools such as Qualys - Validate scan results, eliminate false positives, and deliver accurate reports to stakeholders - Analyze findings, diagnose root causes, and guide remediation efforts - Develop and maintain a knowledge base for continuous improvement - Stay updated on emerging threats, tools, and advancements in vulnerability management - Recommend service enhancements based on the latest industry developments - Effectively communicate security requirements across the organization - Step in as an interim team lead when necessary Qualifications Required: - Minimum 8 years of experience in information security - Bachelor's degree in Engineering, Computer Science, Information Technology, or equivalent - Industry certifications such as CISSP, CISA, CISM, CRISC, CCNA, CCNP, or CCIE Security preferred - Proficiency in vulnerability scanning platforms like Qualys and Nessus - Experience with false-positive tuning and compliance frameworks - Knowledge of cloud and on-premises systems, network devices, and infrastructure components - Skills in risk and threat assessment, security policy enforcement - Familiarity with containers, DDI, WAF, CDN, and DDOS solutions - Experience with scripting languages like Python and monitoring tools such as Spectrum, SevOne, ThousandEyes, CyberArk, and MS-Entra-ID advantageous Additional Company Details: Omit this section as there are no additional details of the company mentioned in the job description.,