IT Security Engineer

Dedicated to innovative placemaking, Howard Hughes Communities is the real estate platform of Howard Hughes Holdings Inc. (NYSE: HHH) and is recognized for its ongoing commitment to design excellence and to the cultural life of its communities. Building on that foundation, we foster a culture of curiosity that empowers every employee to shape their own story within our organization.

About the Role

The IT Security Engineer, reporting to the IT Security Lead, is responsible for protecting the integrity, confidentiality, and availability of Howard Hughes Holdings' (HHH) IT infrastructure across both on premises and cloud environments.

This role supports the design, implementation, and operation of security controls and processes that enable secure business operations. The IT Security Engineer partners closely with the IT Security Lead, Infrastructure, Application, and GRC teams to detect, prevent, and respond to security threats across the enterprise.

What You Will Do

Security Monitoring & Incident Response

• Monitor networks, endpoints, and systems for security breaches using HHH's EDR solution and SIEM to detect intrusions and anomalous behavior.

• Triage and investigate alerts, escalating and collaborating with the IT Security Lead as appropriate.

• Lead handson technical response for security incidents, including containment, eradication, and recovery activities, in coordination with the IT Security Lead and MDR partner.

• Conduct or support technical and forensic investigations to determine root cause and scope of incidents.

• Document and maintain incident response procedures, playbooks, and postincident lessons learned.

• Continuously improve the Incident Response Plan and procedures to align with emerging threats and business needs.

Security Assessments & Vulnerability Management

• Perform network and system security assessments and audits to identify control gaps and weaknesses.

• Organize and conduct vulnerability scans and testing (in coordination with relevant teams) to identify vulnerabilities across infrastructure and applications.

• Conduct or coordinate penetration testing and simulate attacks to identify exploitable weaknesses.

• Analyze and report results of scanning and testing, including risk ratings and remediation recommendations.

• Partner with system owners to track, prioritize, and drive remediation of identified vulnerabilities within agreed SLAs.

Security Architecture & Strategy Support

• Support the IT Security Lead and senior security leadership in analyzing, designing, and maintaining security roadmaps and implementation plans.

• Identify, define, and document system security requirements for new and existing solutions.

• Recommend security solutions, patterns, and standards to management and project teams.

• Implement, maintain, and monitor NISTaligned security controls to protect infrastructure and systems.

• Create, modify, and maintain security and riskfocused business intelligence dashboards and reports to support decisionmaking.

Security Tools & Infrastructure Support

• Implement and manage security tools (including opensource and thirdparty solutions) that assist in detection, prevention, and analysis of security threats.

• Review and help tune configurations for firewalls, data encryption, EDR, email security, and other security products to ensure alignment with standards and policies.

• Review and evaluate email and other forms of communication for potential phishing, data loss, or other security risks.

• Support and maintain security relevant hardware, software, and connectivity components within the network security framework.

• Design and plan major securityrelated upgrades and changes to ensure reliability, availability, and secure operations.

Collaboration & Knowledge Sharing

• Collaborate with IT engineers, systems administrators, application, and IT Governance, Risk, and Compliance teams to design secure technical solutions and processes.

• Provide guidance to the application development team on secure coding standards and secure SDLC practices.

• Conduct or support user awareness training on information security standards, policies, and best practices.

• Share threat intelligence, incident trends, and control improvements with relevant stakeholders to increase overall security awareness.

About You

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; or 3-5 years of handson experience in a dedicated IT Security or Cybersecurity role.

• Experience working with EDR, SIEM, vulnerability management tools, and common enterprise security technologies.

• Hands-on experience securing and monitoring enterprise cloud infrastructure, with a strong focus on Azure and AWS.

• Strong preference for industryrecognized certifications such as CISSP, CEH, ECIH, CySA+, Security+, SecurityX, CISM, or GCIH.

• Proven track record in driving security remediations and lifecycle vulnerability management.

• Experience conducting comprehensive third-party security reviews, evaluating SOC reports, and assessing data privacy risks.

• Indepth knowledge of cybersecurity principles, technologies, and best practices.

• Strong understanding of regulatory and compliance requirements (e.g., NIST, SOX, privacy regulations) relevant to enterprise security.

• Demonstrated ability to contribute effectively to a highperforming cybersecurity team.

• Ability to create, modify, and maintain business and security reporting dashboards.

• Excellent interpersonal, verbal, and written communication skills, with the ability to translate technical issues into business terms.

• Experience evaluating and mitigating security risks associated with AI.

• Strong problemsolving and criticalthinking skills; able to exercise sound judgment without all information available.

• Collaborative, selfdirected, and able to manage multiple competing priorities in a dynamic environment.

• Curiosity about artificial intelligence and emerging technologies, with a strong desire to continuously learn and apply new tools to work more efficiently.

• Ability to travel as business needs require.

• Hybrid work schedule with 4 days onpremise each week.

• This job description is not intended to be an allinclusive list of the duties and responsibilities of this role. Other related duties and responsibilities may be assigned. The Company reserves the right to change or modify job duties as necessary based on business necessity.

Benefits Built for You
At Howard Hughes Communities, we offer competitive, market-based compensation that rewards performance and supports career growth. Our comprehensive benefits package designed to support employees at every stage of their career, is focused on holistic wellness-social, emotional, financial, and physical.

• Competitive 401k plan

• Generous PTO policy

• Premium medical, dental, and vision coverage

• Voluntary benefits for unexpected life events

• Student loan assistance and stipends to assist with lifelong learning

About Howard Hughes Communities

Howard Hughes Communities develops, owns, and operates the nation's premier large-scale master planned communities and mixed-use developments. Our award-winning portfolio includes The Woodlands, Bridgeland, andThe Woodlands Hillsin Greater Houston; SummerlininLas Vegas; Teravalis inGreater Phoenix; Ward VillageinHonolulu; and Merriweather District inColumbia, Maryland. Strategically positioned to meet and accelerate development based on market demand, we offer one of the strongest real estate platforms in the country. Learn more atcommunities.howardhughes.com.

NOTICE TO THIRD-PARTY AGENCIES
Please note that Howard Hughes Communities does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, Howard Hughes Communities will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement, Howard Hughes Communities explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Howard Hughes Communities.