POSITION SUMMARY

The Security Engineer identifies, assesses, and manages security risks for Tactile Medical’s data and infrastructure in the enterprise and cloud environments. The Security Engineer conducts vulnerability assessments to identify security risks from misconfiguration and software vulnerabilities and holds primary responsibility for prioritization and mitigation of threats based on severity and impact, and will engage with appropriate application and infrastructure owners to ensure timely remediation. The Security Engineer is the primary point of escalation for security investigations and incidents, working collaboratively with external Managed Security Service Providers and internal resources.
Responsibilities:

EDUCATION & EXPERIENCE:

Required:

• Bachelor’s degree or equivalent experience
• 5+ years of experience in Information Security
• Strong understanding of Microsoft Windows / Active Directory and best practices for securing and monitoring
• Working knowledge of cloud security stack (CSPM, CASB) and Azure native features (CIS Benchmarking, Defender)
• Understanding of enterprise networking concept

Preferred:

• Information security certification (SSCP, CCSP, CISSP, CISA, CEH, CompTIA Security+)

KNOWLEDGE & SKILLS:

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An understanding of organizational mission, values, and goals and consistent application of this knowledge
• Strong problem-solving and trouble-shooting skills
• Strong verbal and written communications skills

• Install, configure, test and maintain information security tools.
• Operational support for security alerts, incident response and forensic analysis.
• Assessment of security controls for compliance with regulatory requirements including HIPAA, SOX, and PCI-DSS.
• Provide high-level information security services for the company, including supporting regular auditing procedures, performing risk/vulnerability mitigation actions based on audit finding, incident response and documentation, and enforcement of best practices as defined by the company’s Information Security Program.
• Research security trends, adversarial techniques and evolving threat landscape; advise and guide our Information Security Program as a Subject Matter Expert.
• Manage Information Security Awareness Training program for employees.
• Correlate network activity across networks (enterprise and cloud) to identify trends of unauthorized use or Indicators of Compromise.
• Coordinate with security vendors and internal personnel for projects and issue resolution; evaluate new tools and capabilities to improve our security posture.
• Validation and testing of new networking equipment, servers and workstations for security issues and compliance with baseline requirements.
• Maintain a high level of confidentiality on security matters.
  Qualifications: