Job Title: Information Security Engineer Crowdstrike
Primary Location: Hybrid Schaumburg, IL
Position Type: Full-Time

Compensation Information
The expected salary range for this position is $120,000 - $165,000 per year, depending on experience and qualifications. This role also qualifies for comprehensive benefits such as health insurance, 401(k), and paid time off. TalentFish is committed to pay transparency and equal opportunity. The salary range provided is in compliance with applicable state and federal regulations.

Overview
TalentFish is casting a line for an Information Security Engineer. This is a full-time role that is hybrid in Schaumburg, IL.
The purpose of this position is to ensure the continuous improvement, implementation, management, and enhancement of the organization's managed security platform tools and overall information security posture. This individual will play a key role in protecting systems, data, and infrastructure from cyber threats while cultivating a culture of security awareness and proactive risk mitigation.

What You Bring to the Role (Ideal Experience)
Bachelor's degree in Computer Science or related field.
5+ years of experience in information security or equivalent experience managing various aspects of security such as identity management, firewalls, security awareness SaaS platforms, and working with managed security providers (SIEM/firewall support).
Experience translating penetration test results and security assessment recommendations into actionable implementation plans.
Strong understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
Ability to identify and mitigate network vulnerabilities and communicate how to avoid them.
Knowledge of patch management and the ability to deploy patches in a timely manner while balancing business impact.
Preferred certifications include GCIH, Cloud Security certifications, MDR Certifications with vendors, or any GIAC Certification.
Experience deploying and supporting zero-trust network access products.

Must Have CrowdStrike (EDR) Strong hands-on experience using CrowdStrike Falcon as an Endpoint Detection & Response (EDR) platform, including alert triage, investigations, and response actions.

Microsoft Azure Strong knowledge of Azure security controls, including identity, networking, logging, and security monitoring.

Zscaler Strong experience with Zscaler (ZIA/ZPA preferred), including secure internet access, zero trust concepts, and policy enforcement.

Application Security (Program Build-Out) Strong understanding of application security concepts, Experience helping build or mature an AppSec program is highly desirable.

Good to Have

CrowdStrike Spotlight Familiarity with CrowdStrike Spotlight for vulnerability identification, prioritization, and remediation tracking.

CrowdStrike as SIEM / Log Source Experience using CrowdStrike data for security monitoring, integrations, or correlation with SIEM platforms.

Cloudflare (WAF) Working knowledge of Cloudflare used as a Web Application Firewall (WAF)

Windows Operating Systems Strong working knowledge of Windows client and server operating systems, including security hardening, patching, and troubleshooting.

What You'll Do (Skills Used in this Position)
Continuously improve, implement, manage, and enhance managed security platform tools (both in-house and managed security services).
Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
Review and respond to daily data from email security SaaS platforms, cloud-based systems, and end-point protection platforms for potential security incidents.
Prioritize, resolve, and mitigate known and reported vulnerabilities to maintain a high-security standard.
Develop and implement company-wide best practices for IT security and risk mitigation.
Build and maintain a global security awareness and training program.
Implement, maintain, and monitor controls aligned with common security frameworks.
Partner with external vendors to routinely test internal and external vulnerabilities.
Train IT staff on secure infrastructure and DevOps best practices.
Build security workflows for secure code deployment and validation of existing code.
Research and recommend security enhancements and stay up to date with emerging technologies and compliance requirements.
Maintain patch management of servers, PCs, etc., and provide compliance reporting on a routine basis.
Participate in ensuring a safe and compliant workplace environment.
Perform other duties as assigned by management.