REMOTEFULLTIME
Information Security Engineer
Allison Transmission
Remote · remote · Posted 8d ago
Your match
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Primary Purpose of Role: (A short 2-4 line paragraph that captures the primary purpose of the role) The InfoSec Engineer is responsible for designing, engineering, and implementing security controls, secure architectures, and platforms across cloud, enterprise, and operational technology environments. This role ensures alignment with frameworks such as Zero Trust, NIST, and CMMC. Key Responsibilities: (Between 6-10 bullet points that describe the primary responsibilities contained in the role) • Security Architecture & Design: Design secure enterprise, cloud, and enclave architectures; align to Zero Trust, NIST, and CMMC frameworks. • Tool Implementation & Integration: Deploy and integrate security technologies across the stack. • Cloud & Infrastructure Security: Secure Azure/AWS environments; build and maintain regulated enclaves (e.g., CMMC). • Control Design & Hardening: Define security baselines, standards, and preventive/detective controls. • Perimeter & Email Security Engineering: Manage firewalls, secure web gateways, and email security platforms. • OT / ICS Security Engineering: Engineer controls, segmentation, and monitoring for industrial environments. • Application Control & Endpoint Policy Engineering: Define and enforce application allow/block policies and endpoint controls. Key Performance Measures: (Identify up to 5 key performance indicators by which success in this role can be measured) • Successful deployment and integration of security controls • Measurable reduction of security risks • Adherence to architectural standards and frameworks • Uptime and reliability of engineered platforms. Competencies and Behaviors: (Primary competencies that contribute to success in how the individual will get the work done - should be selected from the Allison’ list and defined at the appropriate skill level) The Highest Standards in Everything We Do • Takes responsibility to deliver and can be counted on to deliver results in the right way. • Adheres to a core set of values and acts in line with those values. Drive a Positive Customer Experience • Thinks through the consequences of actions with different stakeholders. • Gains the trust of others through active engagement. Improve the Way the World Works: • Can identify and implement complex process improvements. • Learns and adapts quickly when facing new problems. Teamwork • Solves problems with peers in a professional and constructive way. • Steps up to lead peers when needed and demonstrates passion and engagement in working with the team. Qualifications: (Essential/desirable qualifications for the role – preferred maximum of 4) • Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline • Preferred certifications: o ISC2 CISSP Certified Information Systems Security Professional o SANS GIAC Certified Penetration Testing (GPEN) o SANS GIAC Certified Intrusion Analyst (GCIA) o SANS GIAC Certified Incident Handler (GCIH) o SANS GIAC Security Essentials (GSEC) o OffSec Defense Analyst (OSDA) o OffSec Certified Professional (OSCP) o CompTIA Security+ Experience: (Knowledge and skills required to get the work done – preferred maximum of 6) 3+ years cybersecurity engineering experience; deep technical expertise in cloud, security tools, and architecture; experience with Zero Trust, NIST, CMMC; strong understanding of networking, IAM, endpoint security. Scope Factors (Identifies the complexity dimensions of the role including revenue lines, profit, people, geographic responsibility, capital/departmental budgets, matrix management) • Revenue/Profit Impact o Protects revenue by engineering controls that reduce likelihood/impact of cyber incidents (enterprise, cloud, OT/ICS). o Contributes to margin protection by enabling secure-by-design solutions and reducing rework, outages, and incident costs. • People o No direct reports o Provides technical guidance to project teams and influences solution architects and system owners. • Geographic Responsibility o Global scope across corporate, manufacturing, and OT sites; secures multi-region cloud (Azure/AWS). o Supports remote and on-site activities as needed. • Capital & Departmental Budgets o Influences security technology selection and standards; contributes to business cases and ROI. o Typical project influence: CapEx $250K–$2M (firewalls, email security, segmentation, SIEM/SOAR, OT visibility), OpEx $100K–$750K (licenses, subscriptions, support). • Matrix Management o Leads technical workstreams across infrastructure, cloud, networking, OT engineering, and applications. o Partners with Compliance/Legal/Procurement for CMMC/NIST-aligned control implementation and vendor governance. • Risk & Compliance Scope o Designs and hardens controls aligned to Zero Trust, NIST (CSF/800‑53), and CMMC requirements. o Accountable for engineering guardrails in regulated enclaves (e.g., CMMC environments) and documenting control evidence. • Vendor & Contract Influence o Provides technical evaluation and requirements for RFPs; recommends vendors and architecture. o Influences contracts and SOWs (typical TCV impact $1M–$5M across platforms and services). • Operational Complexity o Owns/tunes perimeter & email security platforms (firewalls, SWG, SEG), endpoint control frameworks, and OT/ICS segmentation/visibility. o Balances security, availability, and manufacturing uptime; drives automation and IaC guardrails in cloud.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02