IT Info Security Specialist managing ERIE's information security program to protect digital assets. Collaborating with various teams to enforce security measures and resolve identity access issues.
About the role
- Senior Information Security Engineer supporting advanced cybersecurity operations in AWS environment. Leading security measures and risk assessments to protect organizations from cyber threats.
Responsibilities
- Own end-to-end security operations: monitoring, investigation, and response across AWS, SaaS, and endpoint environments.
- Lead incident response from triage to root cause and executive reporting.
- Design and refine operational playbooks.
- Secure AWS using Wiz and native controls, proactively addressing misconfigurations and identity risks.
- Continuously assess cloud posture and drive remediation with Cloud Engineering, embedding secure-by-design principles.
- Own the vulnerability management lifecycle (Tenable), translating data into business risk decisions and driving architectural improvements.
- Manage and optimize endpoint detection and response (CrowdStrike).
- Oversee identity and access control validation, including quarterly reviews and least-privilege enforcement.
- Lead phishing simulations and security awareness.
- Build automation and response workflows with Torq to accelerate remediation.
- Continuously evaluate and optimize the security stack; identify bottlenecks and engineer scalable solutions.
- Maintain and mature compliance (ISO 27001, SOC 2, PCI-DSS) using Drata for continuous monitoring and audit readiness.
- Conduct control testing (CIS Benchmarks, MITRE ATT&CK).
- Support risk assessments and security evaluations.
- Act as a security advisor to IT, Engineering, and business leadership, providing risk-informed guidance and helping shape the security program roadmap.
Requirements
- 5+ years of progressive experience in Information Security, Cloud Security, or Security Operations.
- Strong hands-on experience with modern security tooling, including Splunk, Wiz, Tenable, CrowdStrike, Torq, and Drata.
- Proven experience securing AWS and SaaS-based environments.
- Experience operating within regulated environments (ISO 27001, SOC 2, PCI-DSS).
- Familiarity with CIS Benchmarks, MITRE ATT&CK, and modern security architecture principles.
- Ability to independently prioritize, execute, and drive outcomes across multiple domains.
- Clear communication skills with the ability to translate technical risk to business stakeholders.
- High integrity, strong ownership mindset, and a bias toward action.
Benefits
- Medical, dental, vision, and disability insurance
- Flexible Time Off (FTO), 12 company holidays, sick leave and 8-Weeks Paid Parental Leave
- Unique professional development benefits with Annual “development dollars” to support our people growth and development
- Wellness contests and monthly educational programs
- 401(K) retirement program
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
CISA Auditor Cyber Security at an international bank, planning and conducting IT audit examinations, focusing on cyber threats. Requires IT auditing experience and a Master in Information Systems or Engineering.
Security Engineer responsible for managing cyber risk remediation measures at Tiime startup in Paris. Collaborating with product teams to ensure application security and risk evaluation.
Cybersecurity Engineer managing complex IT environments and providing support for clients. Involved in cloud, cybersecurity, and managed services within a dynamic startup environment.
Security Engineer ensuring compliance and managing security processes at Relax Gaming. Responsible for security operations, risk assessments, and developing secure systems.
Information Security Consultant at heyData supporting businesses in compliance with DORA and ISO 27001. Engaging with clients and enhancing security offerings in a dynamic startup environment.
Information Security Manager at NVISO, leading cybersecurity initiatives and managing a team of consultants. Focused on enhancing clients’ security posture through strategic program implementation.
Senior Cyber Security Consultant working to enhance software development security for diverse clients. Collaborating with major international firms while leading projects in secure application development.
Information Security Officer at Specialty Systems supporting cybersecurity for Navy systems. Role involves RMF implementation, vulnerability management, and collaboration with technical teams.
Cybersecurity Expert managing projects in IT governance and Microsoft Cloud technologies. Collaborating with a motivated team in a hybrid work environment.