Information Security Engineer
H.I.G. Capital, Coral Gables, FL, United States
Firm Overview:
H.I.G. Capital is a leading global private equity investment firm with $65 billion of assets under management. The H.I.G. family of funds includes private equity, growth equity, real estate, debt/credit, lending and BioHealth. We align ourselves with committed management teams and entrepreneurs and help build businesses of significant value. Our team of over 500 investment professionals has substantial operating, consulting, technology, and financial management experience, enabling us to contribute meaningfully to our portfolio companies. We invest in companies throughout the U.S., Europe, and Latin America have offices in Miami, New York, Boston, Chicago, Dallas, Los Angeles, San Francisco, and Stamford in the U.S., and affiliate offices in London, Hamburg, Luxembourg, Madrid, Milan, and Paris in Europe as well as Bogotá, Mexico City and Rio de Janeiro in South America. Our funds invest in many types of transactions, including, leveraged buy outs, distressed debt, venture capital and real estate.
Role Overview:
The Information Security Engineer is a key member of the firm's Security Operations Group and the wider Information Security Group. This role is instrumental in protecting the firm’s technology and data assets from cyber threats and reducing cyber risk. Responsibilities include the planning, implementation, and ongoing management of the firm's cybersecurity controls, as well as contributing to the secure design of systems and infrastructure. This role will involve hands-on security engineering tasks, while also providing input into the architecture of secure solutions to ensure that security is embedded throughout the lifecycle of technology deployments. The engineer will conduct security assessments, participate in incident response efforts, and provide guidance on security best practices, ensuring the security and integrity of the firm’s assets.
Role Responsibilities:
Primary Responsibilities:
- Design, implement, and monitor security measures to protect technology and data assets, incorporating security best practices during system implementation.
- Identify and define security requirements for new and existing technology assets, ensuring that security is embedded into the design and architecture of solutions.
- Assist in the secure design of systems and applications, applying basic security architecture principles to ensure robust protection.
- Install, maintain, configure, and troubleshoot security platforms, including endpoint security and cloud security solutions.
- Develop technical solutions and security tools to help mitigate vulnerabilities and automate routine tasks.
- Participate in incident response efforts, including forensic examination of compromised systems and recommending architecture changes to prevent future incidents.
- Author reports, including findings from assessments, incidents, and recommendations for system security improvements.
- Review security tools and controls to ensure they align with industry standards and are optimized for effectiveness.
- Assist in performing risk assessments to identify vulnerabilities and design appropriate mitigating controls and action plans.
- Collaborate with IT teams to remediate security vulnerabilities and ensure secure configurations.
- Adhere to confidentiality policy, code of ethics, other firm policies/procedures, and compliance policies/procedures.
- Monitor threat intelligence feeds to stay informed of relevant threats and integrate those findings into ongoing security operations.
- Monitoring security telemetry data for unusual or suspicious activity.
- Mentor junior staff and provide training on security best practices and secure engineering principles.
Secondary Responsibilities:
- Assist in User Access Reviews, controls testing, and tracking the remediation of issues.
- Contribute to the development of security awareness programs, helping educate staff on security best practices.
- Support internal and external auditors during security reviews and help address any security- related audit recommendations.
- Stay up-to-date on laws, regulations, and industry trends to ensure the firm’s security practices remain current and effective.
Requirements & Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Information Systems, or a related field.
- At least five years of experience in a related role, with a focus on security engineering and some exposure to security architecture concepts.
- Hands-on experience with security platforms, including firewalls, cloud security, IDS/IPS, endpoint security, and identity and access management.
- Proven experience in system security engineering, with a working knowledge of secure system design and architecture principles.
- Knowledge of risk assessment tools, vulnerability management, and remediation strategies.
- Experience with security frameworks, such as NIST CSF or CIS Top 18, and an understanding of current regulatory requirements.
- Strong analytical skills, with the ability to assess and mitigate security risks within technology environments.
- Excellent communication skills, with the ability to explain technical security concepts to both technical and non-technical audiences.
- Professional security certifications, such as CISSP, CEH, or equivalent, are desirable.
- Typical office environment with extended periods of sitting and computer use.
- Occasional domestic and international business travel may be required.