Gainwell Technologies is a company that focuses on improving health and well-being through leading-edge technologies. The role involves conducting scans, analyzing results, performing risk assessments, and guiding remediation efforts for complex security vulnerabilities across various environments.
Responsibilities:
- Develops reports, dashboards, and alerts to automate tasks (Python, PowerShell) and track metrics
- Works with IT Operations, SOC, GRC, third-party vendors and leadership to align vulnerability management with broader security, manage compliance, and brief leadership
- Monitors the threat landscape, analyzes new vulnerabilities (NVD, MITRE), and provides proactive guidance
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools
- Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network, or other events affecting security
- Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords
- Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications
- Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
- Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security
- Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training
- Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management
- Provides leadership and work guidance to less experienced personnel
Requirements:
- Experience working with vulnerability management/infosec (or equivalent experience)
- Expert knowledge of scanners (Tenable, Qualys, Rapid7)
- Proficiency with authenticated scanning, agent vs network scanning, discovery, segmentation constraints
- Proficiency with CSPM
- Knowledge of OS (Win/Linux/macOS), cloud security, databases, and networking
- Proficiency with CVE, CVSS, MITRE ATT&CK, FISMA, CISA directives
- Strong risk analysis, root cause identification, and data analysis
- Excellent communication, leadership, and ability to explain complex risks to diverse audiences