Information Security Engineer

Responsibilities:

Security Operations and Incident Response

• Monitorsecurity tooling andalerts across endpoint, cloud, and network environments; triage and escalate as appropriate

• Perform log analysis and investigation toidentifyand scope the impact of security incidents

• Support incident response and business continuity plan execution, including tabletop exercises and post-incident reviews

• Support managed detection and response (MDR) partner relationships and act on partner recommendations

• Participate in root cause analyses for security findings;identifycontributing factors and implement permanent fixes

AI Security

• Support the growth and innovation driven bygenAI technologies across the business

• Participate in testing and reviewing new AI vendors and tools

• Research AI security approaches like MCP servers, agent policy/proxy server, etc. and recommend AI security tooling and security design

• Provide support and training for security hygiene in using AI tools, agents, frameworks like spec kit, OWASPGenAI Security, etc.

Threat and Vulnerability Management

• Monitor threat info feeds tomonitorand understand the currentthreat landscape andinformtheteam to act on

• Operate and monitor vulnerability scanning tools; track and remediate or document exceptions

• Prioritize remediation efforts based on risk scoring and asset criticality

• Coordinate with engineering and IT teams to ensuretimelypatching and hardening of cloud and endpoint systems

• Support penetration testing engagements: coordinatelogistics, track findings, and drive remediation to closure

Security Tooling & Automation

• Administer and tune security tools including SIEM, vulnerability scanners, EDR, and cloud security posture management (CSPM) platforms

• Build andmaintainautomation and scripts (Python, Bash, or similar) to streamline security operations and reduce manual toil

• Evaluate and recommend new security tools in partnership with the Head of Information Security

Skills and Qualifications

• Two-year or four-yeardegree in computer science,informationsecurity,technology, or related field; or3+ years of equivalent experience

• 2+ years ofexperience in a security operations,site reliability engineering, or otherrelevant role

• Experience with vulnerability management tools and remediation workflows

• Working knowledge of GCP and/or Azure security services and configurations

• Familiarity with IAM, secrets management, and network security concepts in cloud environments

• Proficiencyin shell scripting and Python, TypeScript, Go, or similar programming languages

• Experience withmodernDevSecOpspractices and technologies(Github,Jira,Confluence)

• Experienceoperatingacross cloud-native securityandenterprise productivityenvironments(GCP, Azure, M365)

• Strong analytical and problem-solving skills; high attention to detail

• Ability to communicate and champion security concepts and practices clearly to developers, data engineers, data scientists, and technical and non-technical engineering leadership

Preferred Qualifications

• Security certifications (CCSP, CEH, GSEC, GCIH,etc.)

• Experience withIaCtools such as Terraform,Ansible, or Puppet

• Hands-on experience withCSPM(Wiz, Lacework, etc.)andSIEM platforms

• Experience with containerization technologies (Kubernetes, Docker)

• Familiarity withDevSecOpspractices and software development lifecycle

• Experiencesecuringpersonal informationorotherregulated data

• Exposure tosecurity administration ofBigQuery,Databricks, or similar data platforms

Pay Transparency

At Ovative, we offer a transparent view into three core components of your total compensation package:Base Salary, Annual Bonus, and Benefits. The salary range for this position below is inclusive of an annual bonus.Actual offers are made with consideration for relevant experienceandanticipatedimpact.Additionalbenefits information is provided below.

For our Sr. Analyst positions, our compensation ranges from $75,000 to $93,000, which is inclusive of a 15% bonus.