Information Security Engineer

Seattle Washington
Required Experience: 0 year(s)
Employment Type: Full-Time
Salary Range: Not available
Posted 9 days ago
Job Description
Who We Are:

Brooks is a team of passionate people united by a desire to do meaningful work, lead healthy lives and make a difference. We share a focused mission: to inspire everyone to run and be active. That’s it. No distractions—it’s all about the run. Through science, creativity, service, authenticity and connection, we obsess over delivering the best running gear on the planet. We do it our way, with our unique spirit, with a goal of being more relevant to runners than any other brand, day after day and mile after mile.

We are determined to innovate, challenging ourselves to lead thought at every turn. Inside these walls and on the roads, tracks and trails, we live and breathe Run Happy, celebrating the positive impact running has on our lives and others. We inject it into all we do because it makes everything better, smarter, more fun and more memorable.

Our company culture defines us, bonds us together and creates the conditions for success. It is lived daily as a behavioral expression of our collective set of brand values: Connect with People, Innovate for our Customer, Compete as a Team, Build Trust, Have Fun & Bring Passion, and Be Active. If you’re on our team, it means you’re part of creating something extraordinary. You’re part of Brooks.

As the Brooks Information Security Engineer, you will bring your passion for offering extraordinary service to a truly cutting-edge company and share your dedication to offering the finest service and product to its customers. The Information Security team is seeking a security professional to lead compliance programs by defining, guiding and implementing security technologies, policies and practices to support a globally expanding enterprise. You will be responsible for securing all technology solutions across the globally expanding organization by providing expert advice throughout the Operations, Data and Applications lifecycle.

As a Brooks Information Security Engineer, you will provide analysis, definition and recommendations of Information Security requirements for all enterprise technologies, computing assets and network infrastructure. Beyond the technical and experience requirements listed below, the Information Security Engineer will be a key member of the Brooks Information Security Team; defining, implementing, handling and managing diverse internal and external controls. The design of these controls will ensure the confidentiality, integrity and availability of critical information systems and resources including but not limited to:
• Data/Information
• Application/Software
• Servers/Services
• Desktops/Laptops
• Hardware/Physical Assets
• Networks/Telecommunications

Success in this role includes identifying and mitigating risks, implementing necessary safeguards/controls and designing processes to monitor security activities and countermeasures. You will play an integral role in designing and performing security compliance and risk assessments/risk remediation efforts.

Responsibilities:
• Design and optimize our network perimeters to protect our network boundaries and sensitive data flows including firewalls, VPNs, wireless security, network access controls, and web and email security
• Implement and maintain security solutions such as privileged access management, data loss prevention and anti-malware solutions
• Lead Single Sign-on, Multi-factor Authentication, Enterprise Mobility Management, security certificates and the SIEM solutions
• Run the expansion and enhancement of company security monitoring and alerting capabilities
• Advise Business and Infrastructure groups with security pre-project assessments to ensure that security controls are included into the planning, development, integration and implementation cycles
• Design, plan and execute security audits, analyses, compliance reviews, risk assessments, vulnerability assessments and intrusion detection/prevention efforts
• Collaborate with Operational team members to ensure security technologies and practices are actively managed and fully leveraged
• Manage the incident response (“IR”) process including raising awareness of the IR process and procedures, leading annual exercises and participating in incident investigations and remediation
• Develop and maintain information security policies, standards and guidelines
• Act as an agent of security awareness, foster and influence good internal information security practices through presentations, training and other communication opportunities
• Maintain a current awareness of information security issues and trends to provide problem resolution, make recommendations to improve current processes, communicate and mentor peer groups within the Information Technology department
• Provide management and business clients with information related to security and threat trends to protect the company from internal and external intrusions and risks
• Maintain professional security certifications and accreditations
• Other responsibilities as assigned

Qualifications:
• Bachelor’s degree in Information Technology, Computer Science or related discipline, or equivalent work experience
• Professional certification such as CISA, CRISC, CISSP or CISM
• Minimum of 5 years’ information technology and 2 of information security experience
• Experience with leading network perimeter security including Web Applications Firewalls (Barracuda, Cisco ASA and ISE, SonicWall, Cisco Umbrella)
• Experience with securing cloud infrastructure (Azure, AWS)
• Solid grasp of vulnerability management, including an understanding of the process and activities associated with vulnerability identification and remediation
• Demonstrated ability to identify security events associated with known and expected network behavior, filter out known false positives and/or known errors
• Experience using SIEM tools for log collection, analysis and correlation rules
• Strong knowledge of modern networking and web related protocols (e.g., TCP, UDP, IPSEC, HTTP response codes & methods, REST API basics, etc.)
• Possess solid understanding of cryptography basics (public/private keys, TLS certificates, PKI, etc.)
• Practical knowledge of network and communication systems and equipment
• Possess a thorough understanding of Data Loss Prevention (DLP) methodologies and best practices
• Experience hardening and applying modern security standards across servers, workstations, SaaS-based solutions, and network equipment
• Demonstrated track record staying up to date with Information Security and threat intelligence knowledge across the security and tech communities.
• Knowledge of security frameworks and methodologies such as ISO27001, NIST and PCI-DSS
• Confirmed written and verbal communication skills
• Confirmed results-oriented abilities while working as a member of a team and/or independently
• Possess the ability to remain flexible in your point-of-view in order to support the direction taken by the company and/or business

At Brooks, we celebrate diversity & equity. We are committed to creating an inclusive environment, and encourage people of all backgrounds, perspectives, experiences, and skills to apply. Brooks is proud to be an equal employment opportunity employer. All employment decisions are made without regard to race, religion, color, national origin, gender, gender identity, the presence of a sensory, physical or mental disability, medical condition, military status, marital status, pregnancy or child birth, sexual orientation, age, genetic information, status as a victim of domestic violence, sexual assault or stalking, political ideology, or any other non-merit based factors.