Security Engineer II

• Provides guidance on managing and mitigating IT security risk related to Curaleaf cloud network infrastructure and application solutions.

• Assists IT with maintaining compliance with various regulatory requirements including, HIPAA, SOX, CCPA and GDPR

• Monitors, researches, analyzes, and interprets federal and state regulations to determine applicability and risks to IT operations.

• Assists in the design, development, testing, documentation and implementation of Information Security application solutions, security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security management system.

• Updates existing information security policies, standards, guidelines, and procedures based on industry best practices and regulatory requirements.

• Conducts security reviews to ensure that Curaleaf information resources follow company policies and guidelines, and local, state, and federal regulations.

• Investigates and responds to security alerts generated by information security systems.

• Performs technical analysis with a variety of Information Security Tools and techniques to identify, analyze, and resolve security threats, vulnerabilities, events, and incidents.

• Coordinates with internal and external stakeholders to remediate or mitigate security vulnerabilities, events, and incidents.

• Assists with the preparation for periodic audits of internal data security controls to validate effectiveness, identify risks, and promote continuous improvement.

• Provides administrative support on Security awareness program and other operational security activities.

• Periodically reviews security audit logs.

• Conducts relevant research, data analysis, and developing reports.

• Participates in team problem solving efforts and offer ideas to solve issues.

• Other duties as required and assigned.

Required Knowledge

• Good working knowledge of Information Security principles and practices.

• Some working knowledge of HIPAA, SOX, GDPR and CCPA

• Solid working knowledge of Microsoft security tools, and other data security standards and protocol or security software

• Technical support processes and protocol.

Must Have Skills

• Basic understanding of TCP/IP and networking fundamentals.

• Excellent verbal, written, and interpersonal communication skills, including explaining technical concepts in non-technical terms.

• Effectively using organizational and planning skills with attention to detail and follow-through.

• Tracking, troubleshooting, and resolving user problems.

• Efficiently meeting deadlines, schedules, and target dates.

• Maintaining confidentiality of work-related information and materials.

• Establishing and maintaining effective working relationships.

Nice to Have Skills

• Experience in multiple Information Security disciplines/domains.

• Hands-on experience with a variety of Cloud based Information Security systems and tools, such as Security Information Event Management, Vulnerability Management, Intrusion Detection/Prevention, Web Content Filtering, Anti-Virus/Malware and Data Loss Prevention

• Strong understanding of Cloud threat landscape and mitigation processes.

• MITRE ATT&CK, NIST800-53 or 800-210, ISO27001:2018, CIS or comparable framework experience.

• Required Work Experience and Education

• Minimum of 1 to 3 years working experience in Information Technology or Information Security field.

• Will accept technical AAS degree in an information security related discipline in lieu of two years’ experience.

• Security Certification highly desirable (Security+, ITIL, GCLD, or any one Microsoft Cloud Security).