Penlink is a technology company bringing clarity to complex data for people who need it now. We partner with law enforcement agencies across the United States, offering a software solution to manage data and aid investigators solving crimes. It sounds like a lot of data and analytics, but really, it’s about improving the world and keeping safe the places we call home.

We are seeking a motivated and skilled Mid-Level Information Security Professional to join our corporate security team. This individual will play a crucial role in enhancing our security posture, managing vulnerability assessments, overseeing identity and access management, and supporting our incident response efforts.

The ideal candidate will possess hands-on experience with security tools and technologies, particularly in the areas of Cloud Security Posture Management (CSPM), and a strong understanding of compliance requirements.

LOCATION: Qualified candidates must reside within commuting distance of Lincoln, NE.

RESPONSIBILITIES:

• Conduct regular vulnerability assessments, prioritize remediation efforts, and collaborate with cross-functional teams to mitigate security risks.

• Manage user access controls, conduct audits, and implement IAM policies to ensure secure access to systems and data.

• Experience with configuring, monitoring, and troubleshooting firewalls to enhance the organization's security posture

• Assist the incident response team in identifying, investigating, and responding to security incidents. Contribute to post-incident reviews and improvements in processes.

• Monitor security systems and alerts to identify potential threats. Analyse security incidents and propose solutions to enhance overall security effectiveness.

• Utilize Cloud Security Posture Management tools to assess and manage security configurations in cloud environments, ensuring compliance with security best practices and regulatory requirements.

• Collaborate with third-party vendors or internal teams to conduct penetration tests and vulnerability assessments, analyzing results and recommending remediation.

• Maintain comprehensive documentation of security incidents, vulnerability assessments, and IAM activities. Prepare reports for management to communicate security risks and initiatives.

• Work closely with IT, Operations, and development teams to implement the best security practices and provide guidance on security-related issues.

• Understand the technical requirements and controls associated with SOC 2 and ISO 27001 standards to ensure compliance and support audit processes.

• Work with the compliance team to collect evidence necessary for audits and assessments related to SOC 2 and ISO 27001 compliance.

• Participate in internal and external security audits, ensuring compliance with regulatory requirements and industry standards.

• Stay up to date with the latest security trends, technologies, and threats, and recommend improvements to the security infrastructure based on this knowledge.

• Hands-on experience (typically 4-6 years of relevant experience)

• 4-5 years of hands-on experience in information security, with a focus on vulnerability management, IAM, and security monitoring.

• Ability to educate employees about security policies and best practices to foster a culture of security awareness within the organization

• Advantage: Bachelor’s degree in computer science, Information Security, or a related field.

• Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, SOC 2).

• Familiarity with CSPM tools (e.g., Prisma Cloud, Wiz, or similar).

• Proficiency in Endpoint Detection and Response (EDR) management, with a preference for experience with CrowdStrike, along with experience using security monitoring and incident response tools (e.g., SIEM solutions) for proactive threat detection and response.

• Experience with firewall management and network security, with a preference for experience with Fortinet products.

• Strong background in Mobile Device Management (MDM) and access control, with experience in managing security for both mobile and desktop devices across diverse environments.

• Relevant hands-on certifications such as Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information Systems Security Professional (CISSP), AWS Certified Security – Specialty and Microsoft Certified: Azure Security Engineer Associate are preferred.