Senior Information Engineer
Fulcrum GT · Schaumburg, IL · 2 mo ago
Information TechnologyFull-time
Position Summary
The Fulcrum GT Senior Information Engineer will lead the design, implementation, and management of controls that support enterprise-level security frameworks and compliance.
Key Responsibilities
- Design, implement, and maintain security controls that support compliance with SOC 2 Type II, ISO/IEC 27001, ISO/IEC 42001, CSA STAR Level 2, and CyberEssentials+ standards.
- Oversee the enterprise Identity and Access Management (IAM) program, including role-based access controls, privileged access management, and access governance processes.
- Manage secure authentication systems including multi-factor authentication (MFA) and single sign-on (SSO).
- Implement and maintain malware protection solutions across endpoints, servers, and cloud workloads, including next-generation antivirus and endpoint detection and response (EDR) platforms.
- Design and enforce data loss prevention (DLP) strategies and technologies to protect sensitive information across email, endpoints, network, and cloud environments.
- Establish and maintain IT asset configuration management processes, including configuration baselines, change control, and automated compliance monitoring.
- Lead the technical vulnerability management program, including vulnerability scanning, assessment, prioritization, remediation tracking, and exception management.
- Collaborate with VP, Director of Infrastructure, and CISO to architect and implement cloud security controls across GCP and Azure.
- Oversee physical security monitoring systems, including access control systems and integration with logical security controls.
- Collaborate with VP and CISO on security assessments, gap analyses, and remediation efforts.
- Collaborate with external auditors during security assessments, audits, and certification processes.
- Provide technical leadership and mentorship to the security team, fostering a culture of continuous improvement and security awareness.
Core Technical Expertise
- Identity and Access Management (IAM): Extensive experience with enterprise IAM platforms. Implementation of RBAC, ABAC, and least-privilege access models. Privileged access management (PAM) and secrets management solutions. Identity lifecycle management and automated provisioning/de-provisioning.
- Secure Authentication: Multi-factor authentication (MFA) implementation and enforcement. Single sign-on (SSO) integration and federation protocols (SAML, OAuth 2.0, OIDC). Certificate-based authentication and PKI management.
- Malware Protection: Enterprise antivirus and anti-malware deployment and management. Endpoint detection and response (EDR) and extended detection and response (XDR) platforms. Threat intelligence integration and automated response capabilities. Malware analysis and incident response procedures.
- Data Loss Prevention: Enterprise DLP solution implementation. Data classification and labeling strategies. Content inspection and policy enforcement across network, endpoint, and cloud. Encryption and tokenization technologies for data protection.
- IT Asset Configuration Management: Configuration management tools. Security baseline development and enforcement. Automated compliance scanning and drift detection. Infrastructure as Code (IaC) security and configuration validation.
- Vulnerability Management: Technical vulnerability management program. Vulnerability assessment tools. Vulnerability prioritization. Patch management processes and automation. Penetration testing coordination and vulnerability validation.
Required Qualifications
- Bachelor's degree in Computer Science, Information Security, or related technical field (or equivalent experience).
- Minimum 7-10 years of experience in IT or information security, with at least 3 years in a leadership role.
- Hands-on technical experience implementing and managing security controls in enterprise environments.
- Deep understanding of security frameworks including NIST CSF, CIS Controls, and MITRE ATT&CK.
- Knowledge of emerging technologies including AI/ML security, zero-trust architecture, and DevSecOps.
- Scripting and automation skills (e.g., Python, PowerShell, Bash, Terraform).