Information Security Professional

Penlink is a technology company bringing clarity to complex data for people who need it now. We partner with law enforcement agencies across the United States, offering a software solution to manage data and aid investigators solving crimes. It sounds like a lot of data and analytics, but really, it’s about improving the world and keeping safe the places we call home.

We are seeking a motivated and skilled Mid-Level Information Security Professional to join our corporate security team. This individual will play a crucial role in enhancing our security posture, managing vulnerability assessments, overseeing identity and access management, and supporting our incident response efforts.

The ideal candidate will possess hands-on experience with security tools and technologies, particularly in the areas of Cloud Security Posture Management (CSPM), and a strong understanding of compliance requirements.

LOCATION: Qualified candidates must reside within commuting distance of Lincoln, NE.

RESPONSIBILITIES:

• Conduct regular vulnerability assessments, prioritize remediation efforts, and collaborate with cross-functional teams to mitigate security risks.
• Manage user access controls, conduct audits, and implement IAM policies to ensure secure access to systems and data.
• Experience with configuring, monitoring, and troubleshooting firewalls to enhance the organization’s security posture
• Assist the incident response team in identifying, investigating, and responding to security incidents. Contribute to post-incident reviews and improvements in processes.
• Monitor security systems and alerts to identify potential threats. Analyse security incidents and propose solutions to enhance overall security effectiveness.
• Utilize Cloud Security Posture Management tools to assess and manage security configurations in cloud environments, ensuring compliance with security best practices and regulatory requirements.
• Collaborate with third-party vendors or internal teams to conduct penetration tests and vulnerability assessments, analyzing results and recommending remediation.
• Maintain comprehensive documentation of security incidents, vulnerability assessments, and IAM activities. Prepare reports for management to communicate security risks and initiatives.
• Work closely with IT, Operations, and development teams to implement the best security practices and provide guidance on security-related issues.
• Understand the technical requirements and controls associated with SOC 2 and ISO 27001 standards to ensure compliance and support audit processes.
• Work with the compliance team to collect evidence necessary for audits and assessments related to SOC 2 and ISO 27001 compliance.
• Participate in internal and external security audits, ensuring compliance with regulatory requirements and industry standards.
• Stay up to date with the latest security trends, technologies, and threats, and recommend improvements to the security infrastructure based on this knowledge.

Requirements:

• Hands-on experience (typically 4-6 years of relevant experience)
• 4-5 years of hands-on experience in information security, with a focus on vulnerability management, IAM, and security monitoring.
• Ability to educate employees about security policies and best practices to foster a culture of security awareness within the organization
• Advantage: Bachelor’s degree in computer science, Information Security, or a related field.
• Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, SOC 2).
• Familiarity with CSPM tools (e.g., Prisma Cloud, Wiz, or similar).
• Proficiency in Endpoint Detection and Response (EDR) management, with a preference for experience with CrowdStrike, along with experience using security monitoring and incident response tools (e.g., SIEM solutions) for proactive threat detection and response.
• Experience with firewall management and network security, with a preference for experience with Fortinet products.
• Strong background in Mobile Device Management (MDM) and access control, with experience in managing security for both mobile and desktop devices across diverse environments.
• Relevant hands-on certifications such as Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information Systems Security Professional (CISSP), AWS Certified Security – Specialty and Microsoft Certified: Azure Security Engineer Associate are preferred.