Job description

ABOUT OUR CLIENT Our Client is a leader in energy management and power trading, leveraging cutting-edge platforms to deliver secure and resilient operations. With a strong focus on protecting systems, data, and intellectual property, they are committed to building a world-class information security program that supports business growth while staying ahead of emerging cyber threats. ABOUT THE ROLE The Information Security Analyst and Engineer will play a key role in safeguarding mission-critical systems, ensuring compliance, and advancing the organization’s security maturity. This hybrid role blends hands-on security engineering with proactive monitoring, incident response, and program improvement. The position will collaborate with consultants, managed service providers (MSPs), and internal stakeholders to realize a highly effective security strategy. Reporting directly to the Director of Information Security, the role also provides occasional support to the Infrastructure team with basic system administration and help desk duties. RESPONSIBILITIES • Develop and implement processes and technologies to enhance the security program and protect business platforms • Monitor security systems and analyze alerts, logs, and reports • Analyze vulnerability reports and track remediation across teams and systems • Provide metrics to evaluate security program effectiveness • Support security training and awareness programs, including phishing campaigns and in-person sessions • Research emerging IT security trends, attack techniques, and defensive measures • Assist in designing secure architectures across applications and infrastructure • Support internal and external risk assessments, vendor reviews, and security audits • Analyze penetration test results and drive remediation • Contribute to security roadmaps and maturity assessments • Safeguard IT assets and intellectual property by recommending best practices and solutions • Participate in incident response planning, investigations, and compliance reviews • Enhance data loss prevention technologies and processes • Respond rapidly to incidents, conduct root cause analysis, and recommend mitigations • Support business continuity and disaster recovery planning and testing • Validate MSP-delivered security solutions to ensure alignment with standards • Use automation to improve efficiency and effectiveness of security processes • Maintain and improve information security policies and ensure compliance QUALIFICATIONS • Bachelor’s degree in Computer Science, Information Security, or a related technical field • 3–5 years of IT security experience, with hands-on implementation and analysis • Proficiency with EDR or SIEM solutions for configuration and investigations • Competency with firewalls, email gateways, internet filters, and VPNs • Strong background in network security, protocols, and best practices • Understanding of operating system, network, and application security concepts • Familiarity with the NIST Cybersecurity Framework • Working knowledge of network and data center operations • Experience with hybrid, public cloud (Azure preferred), and SaaS environments • Strong analytical, troubleshooting, and problem-solving skills • Excellent communication skills and attention to detail • Adaptability and eagerness to learn new technologies in a collaborative environment PREFERRED QUALIFICATIONS • Experience in the energy or financial services industries • Familiarity with regulatory compliance frameworks such as NERC CIP or SOX • Relevant certifications such as CISSP, CompTIA, or GIAC • Experience in Agile and DevSecOps environments • Scripting knowledge in PowerShell and/or Python

Requirements