Security Engineer
Description:
Job Description
This is a 6 to 9 month contract to hire position.
Open to working a Hybrid schedule.
Summary
In this role, you will collaborate closely with the Head of Information Security to develop, manage, and continuously enhance a comprehensive cybersecurity program. This program aims to protect corporate systems and data while ensuring secure business operations. Strong communication skills are essential, as this position involves frequent interaction with both technical and non-technical stakeholders.
Responsibilities
Design, deploy, monitor, and manage security engineering platforms to safeguard company infrastructure and sensitive information.
Provide expert guidance on security best practices during infrastructure, engineering, and application architecture reviews.
Identify and mitigate security threats and vulnerabilities, including cross-site scripting (XSS), SQL injection, session hijacking, and social engineering tactics.
Develop and maintain documentation, including standard operating procedures (SOPs), security policies, and configuration baselines.
Conduct internal security audits across multiple departments to ensure compliance and identify areas for improvement.
Implement and optimize logging and event monitoring systems using SIEM tools such as Splunk and Azure Sentinel.
Design and enforce cloud security strategies focusing on identity and access management, encryption, and secure networking.
Perform vulnerability assessments and penetration testing on web applications.
Collaborate with development, operations, and IT teams to embed security into the software development lifecycle (SDLC).
Lead cybersecurity incident response activities, including investigation, containment, resolution, and post-incident analysis to strengthen defenses.
Qualifications
5–7 years of experience securing public cloud environments, including AWS, Azure, and Oracle Cloud Infrastructure (OCI).
Hands-on experience with integrating security into DevOps workflows and CI/CD pipelines.
Proven experience conducting compliance assessments and audits for HIPAA, SOC 2, and SOX.
Proficiency with advanced security technologies, including next-gen firewalls, web application firewalls (WAFs), endpoint protection, encryption solutions, email filtering, and data loss prevention (DLP).
Strong technical background in Windows Server administration, DNS, DHCP, Active Directory, and network switch configurations.
Experience in configuring and operating SIEM platforms such as Splunk, Sumo Logic, or Azure Sentinel.
Solid understanding of Risk Management Frameworks, such as NIST RMF or equivalent.
Certifications
Certified Information Systems Security Professional (CISSP) – would be a nice to haveCompany Description
The ambition of RennerBrown is to provide the resources and opportunities necessary to attract, train, and retain our associates to ensure they fulfill our quality commitment to our clients. We provide IT solutions in NYC, NJ, Pa and beyond, and valuing quality above quantity will continue to make RennerBrown the premium choice for resources and opportunities: “our people deliver quality to our clients.”
Hybrid remote