[Remote] Information Security Engineer
Note: The job is a remote job and is open to candidates in USA. Keyfactor is a leader in trust infrastructure for AI and machines, helping enterprises and government agencies manage their cryptographic identities. The Information Security Engineer will execute and enhance security operations, risk management practices, and compliance programs, focusing on incident response and vulnerability remediation.ResponsibilitiesExperience conducting vulnerability assessments, system audits, and risk analysis using industry-standard scanning tools (e.g., Nessus, Azure security tools, Tenable, Burpsuite, etc…) to support a proactive security postureManage and implement continuous monitoring processes to ensure the organization maintains compliance with a variety of information security frameworks, including ISO 27001:2022 and SOC 2 Type II. Experience with government compliance standards such as FedRAMP (NIST SP 800-53) and CMMC is preferred. This role focuses on ensuring robust security practices and adapting to evolving compliance requirementsCollaborate closely with IT, DevOps, Engineering, and Compliance teams to enforce security policies, procedures, and best practicesActively monitor, analyze, and respond to security alerts and incidents, performing investigations, incident handling, and recommending corrective actionsProvide expert guidance on security matters to support secure development and operationsSkills5+ years of experience in information security or a similar roleProficiency in vulnerability scanning tools (Nessus, Burpsuite, Tenable, etc…) and interpreting scan results for remediationStrong knowledge of security standardsDemonstrated experience in continuous monitoring, network security, firewalls, VPNs, IDS/IPS, and endpoint protectionStrong analytical skills and a meticulous approach to problem-solvingDemonstrated capability to deliver results on-time and to a defined scheduleApplicants must be legally authorized to work in the United StatesRelevant certifications (e.g., CISSP, CompTIA Security+, CAP) are strongly preferredFamiliarity with cloud security principlesExperience with security automation and continuous monitoring toolsPKI knowledge a plusKnowledge of scripting languages (Python, PowerShell) to automate security processesExperience in STIG configuration & implementation, and best practices for implementing these in various environments preferredExpertise in Government related InfoSec compliance frameworks such as NIST 800-53, NIST 800-171 preferredExperience with government-regulated environments (AWS GovCloud, Azure Government) preferredBenefitsSecond Fridays (a company-wide day off on the second Friday of every month minus November and December due to the Holiday schedule). Please note that this benefit is subject to change.Comprehensive benefit coverage globally.Generous paid parental leave globally.Competitive time off globally.Dedicated employee-focused ambassadors via Key Contributors & Culture Committees.DIVERSE Commitment, a call to action for a more inclusive and diverse future in business, society, and technology.The Keyfactor Alliance Program to support DEIB efforts.Wellbeing resources, wellness allowance, mindfulness app free membership, Wellness Wednesdays.Global Volunteer Day, company non-profit matching, and 3 volunteer days off.Monthly Talent development and Cross Functional meetings to support professional development.Regular All Hands meetings – followed by group gatherings.Company OverviewKeyfactor offers secure digital identity management solutions and empowers global enterprises to master every digital identity. It was founded in 2001, and is headquartered in Independence, Ohio, USA, with a workforce of 501-1000 employees. Its website is https://www.keyfactor.com.