Employ Inc. provides people-first recruiting solutions that empower companies to overcome their greatest hiring challenges. Serving SMBs to global enterprises, Employ focuses on the unique recruiting needs of each organization — from simple hiring to sophisticated talent acquisition.
Employ Inc. is the only organization to offer companies a choice in their hiring solutions, providing a curated set of recruiting technologies and services. By prioritizing people ahead of products, Employ helps companies grow, scale, and thrive through personalized choice, collective intelligence, and lasting relationships. Together, Employ and its brands (JazzHR, Lever, Jobvite, Pillar and NXTThing RPO) serve more than 21,000 customers across multiple industries. For more information, visit www.employinc.com.
As a Senior Information Security Engineer, you will play a critical role in advancing the security strategy for a market-leading HR Tech SaaS company. You will join a dynamic team of professionals focused on strengthening our security posture, responding to emerging threats, and proactively mitigating risks. This role involves a mix of proactive security projects and reactive incident response responsibilities.
Responsibilities Include:
- Support regional incident response efforts through security event platforms, triage, potential resolution, and retrospective activities as needed.
- Support efforts for vulnerability management including categorization, tracking, documentation, and reporting on vulnerabilities from discovery through remediation.
- Review and aid in implementation of new security tools including developing requirements, assessing various tools, and deploying them to a production-ready status.
- Provide initiative-taking feedback to improve current monitoring and tools based on information, knowledge, and experience.
- Create reports for the Security Management Team.
- Perform front-line response and escalation tasks; update runbooks and procedures as needed.
- Compile statistics and contribute to the improvement and creation of playbooks.
- Stay current on threats and tools using public cybersecurity resources (e.g., sites, blogs, podcasts).
- Participate in on-call as need.
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, or equivalent training/experience.
- 10 years of firsthand IT experience, with 5+ years in Information Security Engineering focused on incident response, security architecture/design, monitoring, threat detection, and DevSecOps.
- Experience managing end-to-end incident response in cloud environments, including detection, containment, eradication, and recovery.
- Ability to design, implement, and improve security controls using industry standard frameworks.
- Advanced scripting skills for automation, system management, and process efficiency; PowerShell or Python preferred.
- Expertise in identity and access management (IAM, SSO/MFA, SCIM), preferably with Okta, and a strong understanding of DNS and networking protocols.
- Experience working in SOC- or ISO-compliant environments, with an understanding of security standards and compliance practices.
- One or more industry-recognized certifications such as CISSP, AWS Security Specialty, or Azure Security Engineer are strongly preferred.
- Experience in cloud security administration.
Nice to Have:
- Proficiency in offensive or “Purple Team” tactics such as threat hunting and penetration testing, as well as implementing effective defensive solutions.
- Experience with Security Information and Event Management (SIEM) tools.
- Experience with End-point Detection and Response (EDR) tools.
- Familiarity with DAST, SAST, SCA, and secure software development lifecycle; ability to read and understand code (e.g., JavaScript, PHP, Java).
- Experience working within a Security Operations Center (SOC).
- Experience with Digital Loss Prevention (DLP) tools.
What You’ll Bring:
Technical Expertise
- Deep understanding of cybersecurity frameworks (NIST, ISO 27001), threat modeling, risk assessment, and vulnerability management.
- Proven experience executing incident response plans in cloud environments.
- Strong background in cloud security platforms (AWS, Azure), including IAM, network security, and data protection.
- Advanced scripting proficiency (Python, PowerShell) for automation.
- Firsthand experience with SIEM, EDR, XDR, vulnerability scanners, and pen–testing tools.
- Solid grasp of DevSecOps principles and secure software development practices.
- Expertise in IAM and network protocols.
Additional Qualities
- Strong problem-solving and analytical skills to address security threats.
- Excellent written and verbal communication skills.
- Proactive mindset and commitment to continuous learning.
- Ability to collaborate across cross-functional teams.
Employ is an Equal Opportunity employer.
Employ is an E-Verify employer.
