Engineer - Information Security (Memphis, TN)

At ALSAC you do more than make a living; you make a difference.

We like people who are different...because we're different, too. As one of the world's most iconic and respected nonprofits, we know what it's like to stand out. That's why we're looking at you. Your background, perspective, and desire to make an impact set you apart. As we work to help St. Jude cure childhood cancer, we're calling on the game-changers, innovators and visionaries to join our family. Not just for the kids of St. Jude, but also for you. Because at ALSAC, we develop and celebrate our employees. So, bring your whole, authentic self and become part of our shared mission: Finding cures. Saving children.®

Job Description

The Information Security Engineer is responsible for implementing, operating, monitoring, and continuously improving enterprise security solutions across cloud, on-prem, and hybrid environments. This role focuses on hands-on engineering and operational ownership , ensuring security controls are effective, resilient, and aligned with architectural standards, best practices, and regulatory requirements.

As risks evolve, the Information Security Engineer proactively recommends and implements enhancements to keep pace with the modern threat landscape.

This role works closely with security leadership, architects, infrastructure teams, application development, the Security Operations Center (SOC), audit, and business stakeholders. The engineer plays a direct role in securing systems, applications, third-party integrations, service providers, and business-to-business initiatives.

Success in this role is measured by outcomes -improved detection capability, reduced risk exposure, operational stability, and the maturity of security tooling and processes.

Key Responsibilities

Security Engineering & Operations

• Implement, operate, monitor, and maintain enterprise security platforms, including hardware, software, customer applications, managed services, and vendor solutions.
• Own day-to-day operational support of security controls, ensuring availability, performance, and minimal business disruption.
• Research, validate, and deploy security solutions that meet both business and security requirements.
• Conduct performance and stress testing to identify limitations while supporting innovation and usability.

Secure Design & Project Delivery

• Participate in and lead security design discussions, ensuring solutions align with architecture standards and secure-by-design principles.
• Contribute to security projects that assess existing infrastructure, recommend improvements, and deliver enhancements on time, within budget, and in accordance with SLAs.
• Develop security test plans from architectural designs, identify gaps, and implement improvements prior to production impact.
• Actively participate in change management and change review processes.

Incident Response & Detection

• Support and participate in incident response activities, including investigation, containment, remediation, and post-incident reviews.
• Drive improvements to detections, controls, and response playbooks based on real-world incident learnings.
• Influence the planning and execution of incident response exercises and postmortems, creating measurable benchmarks to track maturity and progress.
• Participate in or support off-hours response activities as required.

Risk, Compliance & Governance

• Implement technical controls aligned to regulatory and compliance requirements such as HIPAA, PCI, SOX, GLBA , and applicable privacy laws.
• Translate compliance and risk requirements into enforceable, scalable security solutions.
• Partner with audit, risk, and compliance teams while maintaining a strong engineering and operational focus.

Collaboration & Continuous Improvement

• Work closely with architects, SOC analysts, incident responders, infrastructure teams, and application developers.
• Respond to service requests and escalation tickets within SLA expectations.
• Drive automation and efficiency to reduce manual effort and enable focus on higher-value security initiatives.
• Perform other duties as assigned.

Hands-On Engineering Experience

• Direct ownership of enterprise security platforms such as SIEM, EDR, IDS/IPS, IAM, vulnerability management , and related tooling.
• Proven ability to deploy, tune, troubleshoot, and operate security controls in production environments.
• Experience supporting real security incidents-not just alert triage.

Technical Focus Areas

• Cloud & Hybrid Security: Securing workloads across AWS and/or Azure, alongside on-prem environments; deep understanding of identity, networking, logging, and monitoring.
• Incident Detection Engineering: Improving detections, alerts, and response workflows based on threat intelligence and observed attacker behavior.
• Security Automation: Using scripting or automation to improve efficiency, reliability, and scale.
• Operational Excellence: Strong discipline around SLAs, change management, and production stability.

Collaboration & Working Style

• High level of interaction with Infrastructure, Development, and SOC teams.
• Strong communicator with the ability to influence without formal authority.
• Comfortable balancing engineering depth with cross-functional partnership.

What Makes This Role Exciting

• High-impact ownership: Direct influence over how security is implemented and measured across the enterprise.
• Broad technical exposure: Cloud, network, endpoint, identity, application security, third-party risk, and automation.
• Strategy visibility: Engineers provide feedback that shapes security architecture and long-term program direction.
• Modern security practices: Emphasis on purple teaming, threat-driven improvements, automation, and continuous control enhancement.

Job Requirements

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.
• Certification Requirements: CISSP, CISM and/or SANS certification a plus.
• 7+ years of experience in cybersecurity, including risk and compliance, with a strong system and network security engineering background.
• Highly technical and analytical, with proven experience in technology design, implementation, and delivery (preferred 5+ additional years in ITS or infrastructure roles ).
• Experience with purple teaming (red and blue collaboration) to identify, validate, and remediate security gaps.
• Hands-on experience securing cloud environments (IaaS, PaaS, SaaS) across public, private, and hybrid models.
• Extensive knowledge of traditional and modern security technologies, including: SIEM, IDS/IPS, PKI, IAM/IDAM, antivirus, firewalls, EDR, threat intelligence platforms, automation/orchestration, application controls, deception technologies.
• Experience supporting vulnerability management, penetration testing, and remediation efforts.
• Demonstrated ability to clearly communicate cybersecurity risk in business terms.
• Track record of integrity, accountability, curiosity, adaptability, and effective collaboration.

This position is based on the St. Jude Campus at our National Executive Office in Memphis TN and provides a hybrid work opportunity.

Benefits & Perks
The following Benefits & Perks apply toFull-Time Roles Only
We're dedicated to ensuring children and their families have every opportunity to enjoy life's special moments. We're also committed to giving our staff excellent benefits so they can do the same.

• Core Medical Coverage: (low cost low deductible Medical, Dental, and Vison Insurance plans)
• 401K Retirement Plan with 7% Employer Contribution
• Exceptional Paid Time Off
• Maternity / Paternity Leave
• Infertility Treatment Program
• Adoption Assistance
• Education Assistance
• Enterprise Learning and Development
• And more

ALSAC is an equal employment opportunity employer.

ALSAC does not discriminate against any individual with regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, transgender status, disability, veteran status, genetic information or other protected status.

No Search Firms:

ALSAC does not accept unsolicited assistance from search firms for employment opportunities. All resumes submitted by search firms to any ALSAC employee or ALSAC representative via email, the internet or in any form and/or method without being contacted and approved by our Employee Experience team and without a valid written search agreement in place will result in no fee being paid if a referred candidate is hired by ALSAC.