Engineer - Information Security

Engineer - Information Security

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere.

The Engineer - Information Security is responsible for supporting the planning, execution, and managing of multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness for all IT systems. This key role will support, monitor, and maintain information security infrastructure to protect the company's computer systems and networks from cyber-attacks, and help execute the information security program in compliance with policy and applicable regulations. They conduct security testing on simple to intermediate assets and support design, development, implementation and troubleshooting of various information system and cybersecurity software. They gather reports, metrics, and key performance indicators to measure and validate the effectiveness of existing security controls for team review. They analyze and report known and emerging threats to determine risks against asset creation, maintenance, and governance.

Primary Responsibilities:

• Supports information security infrastructure to protect the company's computer systems and networks from cyber-attack and ensures information security compliances to all infrastructure
• Provides support to security incidents and assists in forensics investigations
• Assists in security assessments and attestations and works on security initiatives/issues for like identity management, access control, security clearance etc.
• Provides assistance to ensure the company's infrastructure and information assets are protected and helps in developing security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures, and use of firewalls and encryption routines
• Assist teams in resolving issues that are uncovered by security monitoring tools
• Assists in the implementation of enterprise-wide security policies, procedures and standards to meet compliance responsibilities
• Supports in creating technical/functional design documents, in building, maintaining, and implementing cybersecurity, data security, and cloud security solutions
• Participates in gathering reports, metrics, and key performance indicators to measure and validate the effectiveness of existing security controls for team review
• Conducts security testing on simple to intermediate assets as scoped by security assessment engagement
• Assists in conducting risk assessments, creating security assessment reports with evidence of findings and discoveries, and escalating data security compromises
• Assists in performing dynamic application security testing using both manual and automated testing tools
• Gathers metrics, and KPIs of penetration testing program for management review
• Documents targets, test plans, scenarios tested, findings, test evidences and recommendations in penetration test report
• Conducts security testing validation for incidents as directed by management
• Assists in research of vulnerabilities and provides status updates of issues to Lead Engineers
• Assists project team in gathering cyber, data, mobile and cloud security business requirements, and aids in documenting project scope
• Assists in the evaluation and recommendation for tools and solutions that provides cyber, data, mobile and cloud security functions
• Supports in managing the computer security program and applying IT security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources and information processed
• Handles the complex and detailed technical work necessary to establish security systems such as firewalls, monitoring software, encryption technology, cloud security and threat hunting
• Assists in planning, implementing, and managing the overall system security strategy, secure network, cloud, platform, and application solutions

Education, Experience & Skillset Requirements:

Education:

• Bachelor's Degree in Computer Science, Information Technology or any other related discipline or equivalent related experience.

Preferred Certifications:

• Azure Security Engineer Certification
• Certified Cloud Security Professional (CCSP)
• Certification in Information Security Strategy Management (CISM)
• Certified Information Systems Security Professional (CISSP)
• CompTIA Security + Certification
• Systems Security Certified Practitioner (SSCP)

Work Experience & Skillsets:

• 0-2 years of directly-related or relevant experience, preferably in information security.
• Problem Solving
• Creativity & Innovation
• Critical Thinking
• Impact and Influencing
• Multitasking
• Prioritization and Organization

Technical Skills:

• Network Solutions and Systems
• Cybersecurity
• Data Security
• Cloud Security
• Programming and Development
• Information Security Strategy Standards (SOX, ISO 27001/27002, COBIT, ITIL, NIST, PCI)
• IT Risk Management

Tools Knowledge:

• Microsoft Office Suite
• Programming and Development Languages - JavaScript, HTML/CSS, Python, SQL
• Security Tools - SIEM, EDR, Email Security Gateway, SOAR, Firewall, Anti-virus, Firewalls, VPN IDS/IPS, AV, proxies, etc.