What are the responsibilities and job description for the Information Security Engineer position at Calance?
InfoSec Engineer
6-month contract-to-hire
Glendale, CA - Onsite
Key Responsibilities:
Develop, implement, and maintain information security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
Monitor and analyze network and system activity using SIEM and related tools to identify security threats.
Oversee compliance with internal policies and external regulations (e.g., GDPR, CCPA, ISO 27001), including conducting audits, assessments, and management reporting.
Identify, assess, and mitigate risks through risk assessments and vulnerability analyses, coordinating remediation with technical teams.
Serve as the first point of contact for security incidents, leading investigation, containment, remediation, documentation, and post-incident reviews.
Implement, maintain, and improve cybersecurity controls, including endpoint protection, DLP, and vulnerability management systems.
Support internal and external audits by maintaining compliance documentation.
Develop and deliver security awareness training and promote a strong security culture across the organization.
Collaborate with IT, legal, HR, and cross-functional teams to ensure consistent security controls and secure system implementations.
Prepare regular reports for senior management on security posture, compliance metrics, and incident trends.
Stay current on emerging threats, attack techniques, and regulatory changes to proactively reduce risk.
Required Skills & Experience:
3 years in Security Engineering, ProdSec, or DevOps roles
Strong knowledge of cybersecurity principles, threat detection, and incident response
Hands-on experience with risk assessment, vulnerability management, and remediation
Ability to develop, implement, and enforce security policies and standards
Experience monitoring systems and networks using SIEM and security tools
Proficiency in Python and/or Bash for security automation
Experience securing Linux and/or Windows systems
Familiarity with CI/CD pipelines and infrastructure-as-code (e.g., Terraform)
Working knowledge of compliance and security frameworks (ISO 27001, NIST, GDPR, etc.)
Ability to collaborate across engineering, IT, legal, and compliance teams
• Familiarity with anti-tamper strategies and reverse-engineering tools
• Comfortable owning large initiatives end-to-end with minimal oversight
• Hands-on experience with security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions