If interested, please email Ian Ostberg iostbergalexandertg.com with a current resume and upcoming availability. Information Security Engineer Downtown Boston (Hybrid, onsite 3 days/week) Direct-hire: Perm FTE The ideal candidate will possess a deep understanding of information security principles, advanced cybersecurity methods, and innovative technological solutions to effectively manage daily security operations, develop and implement security policies, and respond to security incidents. To be successful in this role, you should have excellent problem-solving skills and a solid understanding of cloud, on-premises, and application security technologies. You should also be adept at proactively identifying and resolving incidents, providing suggestions and solutions to enhance the security environment, working independently, and collaborating within a team environment. Key Responsibilities: Manage the vulnerability lifecycle from identification to resolution and collaborate with IT teams to maintain secure baseline configurations. Manage security controls such as network and host intrusion detection/protection systems (IDS/IPS), identity access management systems (SSO, IdP), firewalls, security incident and event management systems (SIEM), mobile device management (MDM) systems, data classification and loss prevention systems (DLP), secure email gateways, and proxy systems. Collaborate with Information Technology, Risk Management, and Compliance to analyze and strengthen security controls and implement comprehensive security requirements. Lead the implementation, documentation, and maintenance of information security policies, standards, procedures, and controls. Investigate security incidents, perform root cause analysis to identify indicators of compromise, and maintain documentation for corrective actions and improvements. Oversee third-party providers to enhance security controls and procedures. Monitor and analyze event logging across the organization, ensuring proper alerting is in place, reducing false positives, and identifying and correcting false negatives. Identify and address gaps in security controls and remedy documented control weaknesses. Collaborate with the business to ensure the information security program is properly implemented. Conduct information security reviews of external systems containing or utilizing firm or client NPPI. Stay current with the latest security technologies, trends, vulnerabilities, and emerging threats, providing expert guidance to stakeholders. Education & Experience: Over 5 years in a dedicated security role, demonstrating increased responsibilities. Experience in Information Security domains such as Information Security Governance, Compliance, and Regulations, as well as knowledge of frameworks like CIS, NIST, ISO 27001, and SOC reports. Professional certifications such as CISSP/CCSP, CySA/CASP, Security, or GIAC are highly preferred. Specialized Skills: In-depth understanding of computing environments, including virtualization, cloud technologies, networks and protocols, data loss prevention, identity access management, multi-factor authentication, public key infrastructure and cryptography, intrusion detection, firewalls, mobile device management, proxies, vulnerability assessment tools, and incident response. Critical thinker with analytical problem-solving skills, capable of assessing complex security issues and recommending practical solutions for the business. Organized and detail-oriented, capable of independently producing documentation, communicating effectively, and fostering cross-functional team collaboration. Solid project management skills (organizing, planning, reporting, documenting, driving tasks to closure, etc.). Excellent communication and interpersonal skills with business partners and key stakeholders are critical for this role. Comfortable working in a fast-paced and small company culture environment and managing various tasks If interested, please email Ian Ostberg iostbergalexandertg.com with a current resume and upcoming availability. ATG456 MONATG