Information Security Engineer II

This position primarily collaborates with the Information Security teams, IT, OT, and asset owners to reduce cyber risk by identifying, prioritizing, and remediating vulnerabilities across the Cooperative’s IT and Operational Technology (OT) environments, including manufacturing systems, industrial control systems (ICS), and plant networks.

Job Duties and Responsibilities:

• Own day-to-day execution and continuous improvement of the Vulnerability Threat Management (VTM) program
• Identify, analyze, prioritize, and track vulnerabilities across endpoints, servers, network devices, cloud workloads, Webservers and OT/manufacturing assets
• Analyze vulnerability data in the context of exploitability, asset criticality, business impact, and OT safety and availability constraints
• Coordinate remediation efforts with IT infrastructure, application owners, plant engineers, and operations teams, ensuring clear ownership and tracking
• Apply risk-based vulnerability management in environments where patching may be constrained by uptime, safety, regulatory, or vendor limitations
• Develop and maintain vulnerability dashboards, KPIs, and executive-level metrics to measure risk reduction and remediation effectiveness
• Ensure vulnerability management processes align with internal security standards, policies, and risk management practices
• Evaluate and continuously improve vulnerability management tooling, scanning coverage, asset visibility, and data quality
• Collaborate with cross-functional teams to promote secure configuration, patching best practices, and sustainable risk reduction
• Identify and implement automation opportunities to improve remediation efficiency, workflow integration, and reporting accuracy
• The requirements herein are intended to describe the general nature and level of work performed by the employee, but is not a complete list of responsibilities, duties, and skills required. Other duties may be assigned.

Qualifications:

Minimum Requirements:

Education and Experience

• Bachelor’s degree in information technology, Computer Science or related field preferred, or equivalent combination of education, certifications, and hands-on vulnerability management experience may be considered in lieu of a degree
• Minimum of 2 years of experience with a strong focus on vulnerability management, specifically experience:
• managing the full vulnerability lifecycle
• interpreting vulnerability source data using CVEs, CVSS, exploitability, and threat intelligence to determine risk
• coordinating remediation across multidiscipline teams
• aligning vulnerability management activities with security frameworks such as NIST-800-53
• implementing and supporting enterprise vulnerability scanning platforms
• integrating vulnerability sources with ticketing, workflow, or ITSM platforms, preferably ServiceNow
• developing and maintaining vulnerability metrics, dashboards, and executive-level reporting
• leveraging Microsoft Defender for Endpoint for vulnerability and exposure management
• managing vulnerability exception handling and evaluation of compensating control assessment

• managing external service providers
• Previous work experience in the Dairy, Food, Beverage or Consumer Products industry preferred
• Exposure to OT, ICS, or manufacturing environments preferred

Knowledge, Skills, and Abilities

• Vulnerability lifecycle management: discovery, analysis, prioritization, remediation, and risk acceptance
• Risk-based vulnerability prioritization using CVEs, CVSS, exploitability, and threat intelligence
• Understanding of secure configuration, patching, and baseline compliance
• Familiarity with hybrid and cloud environments (Azure, AWS, or equivalent)
• Knowledge of endpoint and server hardening best practices
• Able to translate technical vulnerabilities into business and operational risks
• Able to present ideas using language that is relatable to business and end-users
• Able to present to diverse audiences from front line team members to senior management
• Able to evaluate impact of actions and decisions on employees, coworkers, and customers
• Able to communicate clearly and effectively, both verbally and in writing
• Able to apply technological solutions to business problems
• Able to work with accuracy and attention to detail
• Able to work in collaboration effectively and foster good teamwork
• Skilled in critical thinking, analysis, mathematical calculations, and statistical evaluations
• Able to work independently and as part of a team
• Able to prioritize and meet deadlines
• Able to promote a team environment
• Able to perform tasks and duties with minimal supervision
• Able to read, write, and speak English

An Equal Opportunity Employer including Disabled/Veterans