Information Security Engineer

As an Information Security Engineer at Keyfactor, you will be responsible for implementing and managing security frameworks like ISO 27001:2022 and SOC 2 Type II, conducting vulnerability assessments, and managing continuous monitoring processes. Your role will also involve collaborating with IT and DevOps teams to enforce security policies and providing expert guidance on security matters.

Keyfactor requires candidates for the Information Security Engineer position to have a minimum of 5 years’ experience in information security, proficiency with vulnerability scanning tools like Nessus and Burpsuite, and a strong knowledge of security standards. Relevant certifications such as CISSP or CompTIA Security+ are preferred.

Yes, the Information Security Engineer role at Keyfactor can be performed remotely within the United States, allowing you to work from the comfort of your home while contributing to our mission of ensuring digital trust.

In your role at Keyfactor, you will work with a variety of security tools including vulnerability scanning tools like Nessus, Azure security tools, and Tenable. Experience with security automation and continuous monitoring tools will also be valuable.

Keyfactor is recognized as a Best Place to Work, fostering a culture of trust, innovation, and teamwork. We offer comprehensive benefits, opportunities for professional growth, and a commitment to diversity and inclusion. Plus, enjoy perks like Second Fridays off, unlimited time off, and wellbeing resources.

When answering this question, highlight specific projects where you've implemented or maintained ISO 27001 or SOC 2 standards. Discuss the frameworks' requirements, your approach to audits, and any improvements you've made in these areas.

In your response, explain the step-by-step process you follow for conducting vulnerability assessments. Mention the tools you use, how you prioritize findings, and your approach to remediating identified vulnerabilities.

Detail your experience in responding to security incidents by outlining the processes you follow, such as detection, containment, eradication, and recovery, while emphasizing the importance of documentation and learning from each incident.

Enumerate the security tools you're familiar with, like Nessus, Burpsuite, and others, and provide examples of how you've utilized them in past roles. Highlight any specific contributions these tools allowed you to make to enhance security.

Discuss the methods you use to stay informed, such as following industry blogs, attending webinars and conferences, participating in security forums, or taking relevant courses. Show your commitment to professional development.

Share a specific situation that posed a challenge, your thought process in addressing it, and the successful outcome. This will showcase your problem-solving skills and resilience in difficult situations.

Explain your philosophy on cross-team collaboration, possibly detailing how communication and shared goals contribute to effective security practices. Offer examples of past experiences where teamwork led to successful security implementations.

Describe your method for prioritization, whether through risk assessments, the impact of tasks on business objectives, or using project management tools. Illustrate with examples where you successfully managed competing priorities.

Discuss the critical importance of employee training in reducing security risks, how you would develop a training program, and any past experiences where your initiatives positively impacted security awareness in an organization.

Emphasize the need for continuous improvement and staying informed about regulatory changes. Explain strategies like developing adaptable policies, monitoring compliance, and regularly assessing security measures to meet evolving standards.