Information Security Engineer

nDescriptionn nnWant to Work with Really Great People?  The lifeblood of Covius is our people.

We are a tight-knit group and were passionate about what we do.  If you thrive on challenges and collaboration, and work hard no matter who is watching, we want to talk to you.  At Covius, we believe its possible to love coming to work. nn nnWe dont do easy here.  Standards are high, and we take pride in exceeding expectations.

Its how weve gotten to where we are, and its how we grow.  We are a mid-sized company with a big heart.  If youre looking for an opportunity thats authentic, meaningful and emphasizes living a balanced life, Covius is the place for you.nn nnThe Information Security Engineer designs and oversees implementation of information security methodologies and solutions, as well as analyzes, implements and maintains security standards and tools for the organization. nn nEssential Functions:n Identify potential security risks and define and document remediation options or mitigating controls Assist in implementation of remediation and/or mitigating security control measures as applicable.

Assist with the development, implementation and administration of information security policies, standards and procedures Assist in ensuring that the corporate IT environment is secure and complies with all external audit requirements and federal standards Coordinate with systems and network engineers to ensure servers and network devices conform to security standards, and that security devices and controls are working as designed Implement and maintain cryptographic controls (e.g.

data at rest, data in transit) in line with security requirements Organize and coordinate the activities of external security firms providing services for the organization.

Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures Define and assist in the management of an Incident Response Team that addresses potential or in-progress security events, establishing and adhering to escalation procedures and response times Review and approve submitted application and systems change requests for security compliance Assist with client requested security audits, responding to client inquiries and providing supporting evidence Perform periodic internal IT security audit functions on IT operational controls, to include system access controls, firewall rule reviews, etc.

Assist with development and delivery of security training programs and promote ongoing security awareness Provide subject matter expertise, counsel and input for enterprise-wide information security initiatives, strategies, projects and policies Monitor emerging products, technologies and best practices that will improve security for the organization and its stakeholders.

Perform related duties as requested nEducation:n Bachelor’s degree in Computer Science, Information Systems Security, Cybersecurity or related field is required Master’s degree a plus CISSP required Other security class certifications strongly preferred (GSEC, Security+, CCSP, etc.) nExperience:n Experience working in IT/Networking/Systems Administration (7+ years) Experience in Information Security or related field (5+ years) Experience as a security specialist in a regulated IT environment including some combination of SOX, HIPAA, GLBA, PCI (1+ years) nEssential Knowledge, Skills & Abilities:n Excellent understanding of the OSI network model and network protocols such as TCP/IP, firewalls, proxies, IDPS concepts Excellent understanding of various cyber threats and mitigating controls Excellent understanding of various endpoint security solutions such as Cortex XDR, Trend, M365, DLP, encryption, hardening, etc.

Excellent understanding of email security solutions such as M365/Exchange and Mimecast Rapid7 Insight IDR (SIEM) experience a plus Proficient with administration and management of other security tools and appliances Knowledge of security-oriented regulatory requirements and compliance Knowledge of the mortgage industry is helpful, but not required Excellent written and verbal communication skills required to communicate with all professional levels