Senior Information Security Engineer

As a Senior Information Security Engineer, your primary role will be to lead vulnerability assessments and policy compliance scans across various environments such as on-premises, cloud, containers (Docker/Kubernetes), databases, and web using tools like Qualys. You will be responsible for validating scan results, eliminating false positives, and delivering accurate, actionable reports to stakeholders. Additionally, you will serve as a technical subject matter expert by analyzing findings, diagnosing root causes, and guiding remediation efforts. It will be important for you to develop and maintain a knowledge base to support continuous improvement and team expertise. You are also expected to stay current on emerging threats, tools, and vulnerability management lifecycle advancements, and recommend service enhancements. Effective communication of security requirements across the organization and the ability to step in as an interim team lead when necessary will be crucial. Key Responsibilities: - Lead vulnerability assessments and policy compliance scans using tools like Qualys - Validate scan results, eliminate false positives, and deliver accurate reports - Serve as a technical SME by analyzing findings, diagnosing root causes, and guiding remediation efforts - Develop and maintain a knowledge base to support continuous improvement - Stay updated on emerging threats and recommend service enhancements - Communicate security requirements effectively and step in as interim team lead when required Qualifications Required: - 8+ years of experience in information security - Bachelor's degree in Engineering, Computer Science, IT, or equivalent - Industry certifications preferred: CISSP, CISA, CISM, CRISC, CCNA/CCNP/CCIE Security In addition to technical expertise with vulnerability scanning platforms, false-positive tuning, and compliance frameworks, you should also be proficient across cloud, on-premises systems, network devices, and infrastructure components. Skills in risk/threat assessment, security policy enforcement, containers, DDI solutions, and WAF/CDN/DDOS solutions will be valuable. Knowledge of scripting (Python) and monitoring tools like Spectrum, SevOne, ThousandEyes, CyberArk, and MS-Entra-ID will be advantageous. Your soft skills should include excellent analytical, communication, and report-writing abilities, strong organizational and time-management skills, and demonstrated leadership qualities. Being an adaptable self-starter committed to continuous learning and proactive problem-solving is essential for this role. As a Senior Information Security Engineer, your primary role will be to lead vulnerability assessments and policy compliance scans across various environments such as on-premises, cloud, containers (Docker/Kubernetes), databases, and web using tools like Qualys. You will be responsible for validating scan results, eliminating false positives, and delivering accurate, actionable reports to stakeholders. Additionally, you will serve as a technical subject matter expert by analyzing findings, diagnosing root causes, and guiding remediation efforts. It will be important for you to develop and maintain a knowledge base to support continuous improvement and team expertise. You are also expected to stay current on emerging threats, tools, and vulnerability management lifecycle advancements, and recommend service enhancements. Effective communication of security requirements across the organization and the ability to step in as an interim team lead when necessary will be crucial. Key Responsibilities: - Lead vulnerability assessments and policy compliance scans using tools like Qualys - Validate scan results, eliminate false positives, and deliver accurate reports - Serve as a technical SME by analyzing findings, diagnosing root causes, and guiding remediation efforts - Develop and maintain a knowledge base to support continuous improvement - Stay updated on emerging threats and recommend service enhancements - Communicate security requirements effectively and step in as interim team lead when required Qualifications Required: - 8+ years of experience in information security - Bachelor's degree in Engineering, Computer Science, IT, or equivalent - Industry certifications preferred: CISSP, CISA, CISM, CRISC, CCNA/CCNP/CCIE Security In addition to technical expertise with vulnerability scanning platforms, false-positive tuning, and compliance frameworks, you should also be proficient across cloud, on-premises systems, network devices, and infrastructure components. Skills in risk/threat assessment, security policy enforcement, containers, DDI solutions, and WAF/CDN/DDOS solutions will be valuable. Knowledge of scripting (Python) and monitoring tools like Spectrum, SevOne, ThousandEyes, CyberArk, and MS-Entra-ID will be advantageous. Your soft skills should include excellent analytical, communication, and report-writing abilities, strong organizational and time-management skills, and demo