IT Security Specialist focusing on cyber defense within a family - owned company. Responsibilities include managing firewalls, monitoring threats, and implementing security solutions.
About the role
- Senior Information Security Engineer leading enterprise-wide cybersecurity initiatives at e.l.f. Beauty. Designing security solutions and collaborating with teams to safeguard systems and data.
Responsibilities
- Design, build, deploy, and maintain enterprise security technologies and solutions aligned with business objectives, compliance requirements, and the cybersecurity program.
- Develop, document, and enforce security policies, standards, and procedures based on frameworks such as NIST, CIS, ISO 27001, and SOX while advancing overall security maturity, governance, and processes.
- Lead strategic security initiatives, including Zero Trust architecture, Data Loss Prevention (DLP), Cloud Security, Network Segmentation, IAM, Endpoint Security modernization, and security automation.
- Manage and improve email security, DNS security, and other protective controls to defend against phishing, malware, data exfiltration, and domain-based threats.
- Lead vulnerability management programs and drive remediation efforts, providing visibility into risks and progress to stakeholders.
- Oversee incident response lifecycle—detection, analysis, containment, remediation, post-incident review—and continuously enhance disaster recovery and business continuity plans.
- Monitor and analyze security events and network activity (e.g., traffic analysis, host behavior, forensics, kill chain, Windows event analysis), tuning tools, and event correlation for accurate threat detection.
- Collaborate with IT, DevOps, and digital teams to embed security into system design, application development, deployment pipelines, and cloud infrastructure.
- Evaluate and review vendor and partner security practices to ensure alignment with organizational standards.
- Produce regular security dashboards and metrics to report on incidents, threats, and operational effectiveness.
- Lead security awareness training, mentor junior engineers, and guide cross-functional teams on secure design principles and best practices.
- Stay current on emerging threats, vulnerabilities, and technologies to enhance enterprise resilience.
Requirements
- Bachelor’s degree in Computer Science, Cybersecurity, or related field; Master’s preferred.
- 7+ years of experience in information security engineering, architecture, or operations.
- Expertise in cloud security (AWS, Azure, GCP), data protection, IAM/SSO/MFA, email and DNS security, and secure network architecture.
- Hands-on experience with key security technologies: firewalls, VPN, NAC, EDR/MDR, IPS/IDS, SIEM, DLP, vulnerability management, and email security platforms (Proofpoint, Mimecast, Microsoft 365 Defender).
- Strong understanding of Zero Trust, endpoint protection, DevSecOps, security automation, and scripting (Python, PowerShell, Bash).
- Proven ability to lead incident response, risk assessments, threat detection, and remediation efforts.
- Experience implementing DNS protection solutions (Cisco Umbrella, Cloudflare, Infoblox, Valimail).
- Knowledge of security frameworks and compliance standards: NIST CSF, CIS Controls, ISO 27001, SOX.
- Demonstrated success in leading security awareness programs, mentoring team members, and advancing security program maturity.
- Relevant certifications preferred: CISSP, CISM, CISA, GIAC, Microsoft Security certifications, AWS Security Specialty, Azure Security Engineer Associate.
- Strong communication, leadership, and ability to manage multiple security initiatives.
Benefits
- bonus eligibility (200% of target over the last six fiscal years)
- equity
- flexible time off
- year-round half-day Fridays
- hybrid 3 day in office, 2 day at home work environment
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Junior Information Systems Security Engineer at AMERICAN SYSTEMS managing DoD cyber security. Collaborating on technical issues and supporting risk management framework compliance.
Information Systems Security Engineer assisting in cyber security requirements for DoD systems. Collaborating closely with customers and ensuring compliance with the DoD Risk Management Framework.
Staff Product Security Engineer driving security innovation while ensuring compliance with federal standards at DataRobot. Leading security engineering, automation, and customer engagement for federal customers.
Auszubildende(n) zur Fachkraft für Schutz und Sicherheit in Hamburg bei proSicherheit GmbH. Modernes Sicherheitsunternehmen mit Fokus auf Sicherheit und Vertrauensaufbau.
Security staff for proSicherheit performing access controls and ensuring compliance with safety standards. Involves reporting, patrolling, and handling emergencies in Hamburg area.
Cyber Security Engineer responsible for DevSecOps and security automation at a leading Swiss IT consulting firm. Engaging in security measures across industries with a focus on collaboration and technology.
Cloud Security Architect responsible for strategic growth and development of Cloud Security solutions. Work with national clients on architecture and security concepts in Switzerland.
Information Security Manager coordinates ISMS development and security measures for Megamaris GmbH. Responsible for risk analysis and security training across 12 subsidiaries.
Security GRC Manager managing audits and compliance programs at Salesforce. Overseeing cloud security compliance and collaborating across departments for risk management.