[Remote] Experienced, Information Security Engineer

Note: The job is a remote job and is open to candidates in USA. Gainwell Technologies is a company that focuses on improving health and well-being through leading-edge technologies. The role involves conducting scans, analyzing results, performing risk assessments, and guiding remediation efforts for complex security vulnerabilities across various environments.

Responsibilities

• Develops reports, dashboards, and alerts to automate tasks (Python, PowerShell), and track metrics
• Works with IT Operations, SOC, GRC, Third-Party vendors and leadership to align vulnerability management with broader security, manage compliance, and brief leadership
• Monitor threat landscape, analyze new vulnerabilities (NVD, MITRE), and provide proactive guidance
• Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools
• Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security
• Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords
• Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications
• Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
• Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security
• Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training
• Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management
• Provides leadership and work guidance to less experienced personnel

Skills

• Experience working with vulnerability management/infosec (or equivalent experience)
• Expert Knowledge with scanners (Tenable, Qualys, Rapid7)
• Proficiency with authenticated scanning, agent vs network scanning, discovery, segmentation constraints
• Proficiency with CSPM
• Knowledge of OS (Win/Linux/macOS), cloud security, databases, and networking
• Proficiency with CVE, CVSS, MITRE ATT&CK, FISMA, CISA directives
• Strong risk analysis, root cause identification, and data analysis
• Excellent communication, leadership, and ability to explain complex risks to diverse audiences

Benefits

• Generous, flexible vacation policy
• 401(k) employer match
• Comprehensive health benefits
• Educational assistance
• Leadership and technical development academies

Company Overview