Key Responsibilities and Required Skills for Information Systems Security Engineer
💰 $95,000 - $155,000
🎯 Role Definition
We are seeking a seasoned Information Systems Security Engineer to design, implement, operate, and continuously improve security controls across hybrid enterprise environments. This role is responsible for threat detection and response, vulnerability and patch management, secure architecture reviews, identity and access management, and ensuring compliance with regulatory and internal security policies. The ideal candidate combines hands-on technical expertise (SIEM, endpoint protection, cloud security, IAM), strong systems engineering instincts, and the ability to partner with application, network, and cloud teams to reduce risk while enabling business objectives.
📈 Career Progression
Typical Career Path
Entry Point From:
- Security Analyst (SOC)
- Network or Systems Engineer with security responsibilities
- Application security or DevOps engineer transitioning into security
Advancement To:
- Senior Information Systems Security Engineer / Principal Security Engineer
- Security Architect
- Security Engineering Manager / Director of Security Engineering
- Chief Information Security Officer (CISO) over time
Lateral Moves:
- Cloud Security Engineer / Cloud Security Architect
- Security Consultant / Penetration Tester
- Incident Response / Forensics Specialist
Core Responsibilities
Primary Functions
- Lead the design, deployment, and ongoing tuning of centralized logging and security information and event management (SIEM) systems (e.g., Splunk, Elastic, QRadar), including use case development, rules, parsing, dashboards, and automated alerts to identify high-risk security incidents across enterprise systems and cloud environments.
- Own incident detection and response workflows: triage alerts, perform root cause analysis, lead containment and eradication activities, coordinate cross-functional response teams, produce incident reports and lessons learned, and iterate on playbooks and runbooks to reduce mean time to detect and respond.
- Manage and execute a continual vulnerability management program: schedule and run authenticated and unauthenticated scans (Nessus, Tenable, Qualys), prioritize findings based on business risk, drive cross-team remediation, verify fixes, and report metrics to leadership.
- Architect, implement, and maintain network and host-based security controls including next-generation firewalls, IDS/IPS, web application firewalls (WAF), NAC, micro-segmentation and host-based protection (EDR/XDR tools such as CrowdStrike, Carbon Black), ensuring rule hygiene and performance.
- Design and validate secure cloud architectures across AWS, Azure, and GCP: implement IAM best practices, least privilege models, VPC/subnet segmentation, cloud-native logging and monitoring (CloudTrail, CloudWatch, Security Center), and encryption of data at rest and in transit.
- Implement and operate identity and access management (IAM) systems: Active Directory/Azure AD administration, single sign-on integrations (Okta, SAML, OIDC), role-based access control, privileged access management (PAM), multi-factor authentication, and access reviews to prevent privilege creep.
- Lead secure design reviews for new applications, infrastructure, and major changes: perform threat modeling, identify security requirements, provide remediation guidance, and sign off on security acceptance criteria prior to production deployment.
- Integrate threat intelligence feeds and hunting techniques into monitoring and detection strategies; proactively search for suspicious behaviors, persistent threats, and indicators of compromise across enterprise data sources.
- Drive secure software development lifecycle (SDLC) practices: integrate static and dynamic application security testing (SAST/DAST), dependency scanning, code review checklists, and pipeline security controls to reduce software vulnerabilities pre-deployment.
- Deploy and maintain data protection controls: DLP policies, encryption key management (KMS/HSM), tokenization approaches, and secure backup strategies to protect sensitive data and comply with privacy regulations.
- Build and maintain automation and orchestration for security tasks (SOAR) to accelerate response, reduce manual steps, and improve consistency for recurring security investigations and remediation.
- Coordinate vulnerability disclosure, penetration testing, and red-team engagements; manage third-party testers, review findings, track remediation items, and validate mitigation before closure.
- Develop and maintain security policies, standards, and technical guidelines aligned to regulatory frameworks (NIST 800-53/800-171, ISO 27001, SOC 2, PCI DSS) and internal enterprise risk posture.
- Implement and operate logging, monitoring, and alerting for critical infrastructure, cloud services, containers, and orchestration platforms (Kubernetes), ensuring observability for security use cases.
- Drive patch management strategy with systems and application teams: evaluate patch risk, pilot and schedule rollouts, validate deployments, and report patch compliance to security leadership.
- Conduct risk assessments and business impact analyses for systems, applications, and third-party vendors; quantify and communicate residual risk, and recommend compensating controls.
- Lead vendor and third-party security evaluations including security questionnaires, penetration test reviews, contractual security clauses, and ongoing monitoring of vendor security posture.
- Design and implement network segmentation and secure connectivity for remote workers and partner integrations, including VPN, Zero Trust architectures, and secure access service edge (SASE) controls.
- Maintain and tune endpoint protection stacks including anti-malware, EDR/XDR, host firewall configurations, and remote response tooling to minimize lateral movement and persistence by adversaries.
- Provide security architecture and engineering support for containerized and CI/CD environments: secure build pipelines, artifact management, scanning of images, runtime protection, and least-privilege orchestration.
- Create and maintain security metrics, dashboards, and executive-ready reporting that measure program effectiveness (MTTR, detection coverage, patch compliance, risk posture) and inform security investment decisions.
- Mentor and train engineers, operators, and application teams on secure configuration, incident handling, and threat awareness; deliver periodic tabletop exercises and technical workshops.
- Drive continuous improvement by analyzing incidents, near-misses, and operational metrics, proposing architectural and process changes to reduce attack surface and increase resilience.
- Participate in change control processes to ensure security reviews and approvals are part of major infrastructure and application deployments to production environments.
Secondary Functions
- Maintain detailed technical documentation, including runbooks, playbooks, architecture diagrams, and security control inventories to support audits and operational continuity.
- Support security audit and compliance activities by preparing evidence packages, responding to auditor questions, and implementing remediation actions for findings.
- Assist in procurement and evaluation of security tooling and platforms; perform proof-of-concepts, total cost of ownership analysis, and vendor technical assessments.
- Provide on-call support for escalated security incidents and coordinate with external incident response vendors when required.
- Contribute to budget planning and capital requests for security initiatives, tools, and professional services, articulating ROI and risk reduction.
- Support security awareness programs by creating technical content, running simulated phishing campaigns, and measuring program outcomes.
- Collaborate with legal, privacy, and compliance teams on breach notification, regulatory reporting, and contractual security obligations.
- Participate in cross-functional architecture and operational forums to represent security priorities and negotiate feasible security controls with product and engineering teams.
- Conduct ad-hoc security research, proof-of-concept implementations, and pilot emerging security technologies to keep the security stack current and effective.
- Maintain relationships with external security communities, vendors, and law enforcement liaisons to share threat intelligence and best practices.
Required Skills & Competencies
Hard Skills (Technical)
- Security Monitoring & SIEM: Hands-on experience with SIEM platforms (Splunk, Elastic, IBM QRadar) including parsing, correlation rules, dashboards, and threat detection playbooks.
- Incident Response & Forensics: Strong capabilities in incident triage, containment, root-cause analysis, digital forensics tools (EnCase, FTK), and incident reporting.
- Vulnerability Management & Penetration Testing: Proficient with Nessus/Tenable, Qualys, Burp Suite, Metasploit; ability to prioritize remediation based on business risk.
- Cloud Security: Deep knowledge of AWS/Azure/GCP security services (IAM, KMS, CloudTrail, Security Hub, Azure Defender), cloud networking, and best practices for secure cloud architecture.
- Identity & Access Management (IAM): Experience with Active Directory, Azure AD, Okta, SSO (SAML/OIDC), PAM solutions, and designing least-privilege models.
- Endpoint & EDR/XDR Tools: Administration and tuning experience with CrowdStrike, Carbon Black, Microsoft Defender ATP or similar endpoint protection platforms.
- Network Security: Practical skills with firewalls (Palo Alto, Cisco ASA, Fortinet), IDS/IPS, VPNs, segmentation, and secure network design principles.
- DevSecOps & Pipeline Security: Integration of SAST/DAST (SonarQube, Veracode), dependency scanning, container image scanning, and pipeline hardening in CI/CD workflows.
- Automation & Scripting: Proficient in scripting languages (Python, PowerShell, Bash) to automate detection, response, and remediation tasks and build integrations.
- SOAR & Automation Tools: Experience implementing or using SOAR platforms (Phantom, Demisto) to orchestrate and automate runbooks and responses.
- Compliance & Frameworks: Practical knowledge implementing controls to satisfy NIST 800-53/800-171, ISO 27001, SOC 2, PCI DSS requirements and preparing for audits.
- Encryption & Key Management: Familiarity with TLS, PKI, HSM/KMS, and encryption implementation for data at rest and in transit.
- Container & Orchestration Security: Knowledge of Kubernetes security, container image hardening, runtime monitoring, and service mesh implications.
- Threat Intelligence & Hunting: Experience operationalizing threat feeds, YARA rules, and proactive hunt methodologies to detect advanced adversaries.
- Logging & Observability: Ability to instrument applications and infrastructure to produce actionable security telemetry, including cloud-native logging stacks.
Soft Skills
- Excellent verbal and written communication skills for interacting with technical teams, executives, and auditors.
- Strong analytical and problem-solving ability with attention to detail and the capacity to prioritize under pressure.
- Collaborative mindset: proven ability to work cross-functionally with application, network, cloud, and business teams to implement security controls without impeding delivery.
- Leadership and mentorship: ability to guide junior engineers, lead incident response efforts, and drive cross-team initiatives.
- Project management and organization skills to manage multiple concurrent security projects and initiatives.
- Business acumen: translate technical risks into business impacts and make pragmatic, risk-based recommendations.
- Adaptability and continuous learning orientation to rapidly adopt new technologies and respond to evolving threats.
- Integrity and confidentiality when handling sensitive data and incidents.
Education & Experience
Educational Background
Minimum Education:
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Systems, or equivalent industry experience.
Preferred Education:
- Master’s degree in Cybersecurity, Information Assurance, or related field.
- Professional certifications such as CISSP, CISM, OSCP, GIAC (GCIH, GCIA), or cloud security certs (AWS Certified Security, CCSK).
Relevant Fields of Study:
- Computer Science
- Cybersecurity / Information Security
- Information Systems
- Network Engineering
- Electrical or Computer Engineering
Experience Requirements
Typical Experience Range:
- 3–8 years of hands-on security engineering, SOC, or systems/network engineering with significant security responsibilities.
Preferred:
- 5+ years in enterprise security engineering roles with demonstrated experience in SIEM deployment and tuning, incident response, cloud security architecture, and vulnerability management.
- Proven track record working with cross-functional engineering teams, managing security projects, and meeting compliance requirements in regulated environments.