Information Security Engineer

Glocomms is partnered with a boutique-style commercial bank, with $182B in assets, seeking an experienced Information Security Engineer with 5+ years of expertise in hands on info sec engineering. This is an exciting opportunity to join a lean security team, where there's exceptional impact potential in our client's the security landscape.

In this role, you will be responsible for securing the network, systems, and cloud environments, ensuring compliance with industry standards (GDPR, HIPAA, PCI DSS), and protecting sensitive financial data. Your responsibilities will include vulnerability assessments, incident response, automating SIEM, and implementing best practices for security across infrastructure and applications. You'll work closely with cross-functional teams, leveraging your expertise in cloud security (AWS, M365), scripting, and security frameworks (NIST, ISO 27001).

Responsibilities

• Monitor and analyze cyber threats and threat intelligence to proactively mitigate risks.
• Manage vulnerability assessments, incident response, and threat detection processes.
• Deploy and maintain security technologies such as SIEM, EDR, SOAR, PIM, and MFA.
• Automate incident response workflows and improve detection through data correlation and analytics.
• Enforce identity and access management, including privileged access and multi-factor authentication.
• Integrate security best practices into IT projects and system development lifecycles.
• Troubleshoot complex security issues and drive continuous improvement across security operations.
• Support the execution of the organization's security strategy and long-term roadmap.
• Collaborate with IT, cross-functional teams, MSPs, and vendors to ensure aligned security efforts.
• Provide user support and guidance on security controls, policies, and awareness.

Qualifications

• 5+ years of experience in Information Security Engineering with expertise in security frameworks (NIST, ISO 27001) and internet protocols (HTTP, HTTPS, TLS/SSL, TCP/IP).
• Proficient in firewall configuration, IDS/IPS, vulnerability scanning, SIEM tools, and network monitoring.
• Expertise in patch management, vulnerability assessments, securing systems (Windows AD, M365, AWS IAM, Docker/Kubernetes), and event log analysis.
• Experience with securing cloud environments, DevSecOps practices, and implementing compliance standards (GDPR, HIPAA, PCI DSS).
• Skilled in scripting (Python, Bash, PowerShell) for automation and data analysis, and securing containerized environments.
• Strong knowledge of MITRE ATT&CK, CVEs, and security best practices.
• Experience managing user/device lifecycles, DNS security, and cloud security.
• Proven ability to lead security projects, work independently, and communicate complex technical concepts to stakeholders.
• Certifications: CISSP, CEH, or equivalent certifications preferred.
• Additional: Familiarity with financial regulations (FFIEC, NY DFS 500, GLBA, CCPA), and eligibility to work in the USA without sponsorship.

If you are interested, please apply in directly!