Information Security Engineer

The Role 

We are seeking a hands-on, outcome-driven Information Security Engineer who thrives at the intersection of technical execution and security operations mentorship. You will design, deploy, and maintain security technologies, lead incident response alongside our analysts, and serve as a force multiplier for the security program. This role requires a builder mindset—you won’t just keep the lights on, you’ll create repeatable processes, automation, and measurable improvements. You’ll also be expected to mentor our analysts, helping them grow while raising the overall maturity of our SOC. This role will be reporting to the Information Security Operations Manager. 

This role is based in Chicago. The role is primarily remote but you must live within the Chicagoland area to come into the office as needed. 

Responsibilities 

Operational Excellence 

• Lead incident response cases, ensuring timely containment, eradication, and recovery. 
• Oversee daily system operations, tuning, and health of security tools (SIEM, EDR, email security, vulnerability management, DLP, DNS protection). 
• Own the vulnerability management cycle: identification, prioritization, and remediation tracking against defined SLAs. 
• Provide Tier 3 escalation support and guidance for SOC and analyst team. 

Engineering & Architecture 

• Design and implement security controls across network, endpoint, application, and cloud environments. 
• Drive automation and SOAR integrations to reduce analyst fatigue and increase response speed. 
• Build and maintain playbooks, standard operating procedures, and evidence packs for compliance frameworks (NIST 2.0, SOC 2, HIPAA). 
• Conduct penetration testing and application security assessments, validating remediation. 

Mentorship & Enablement 

• Act as point of contact for incident escalations, providing calm, clear direction. 
• Mentor security analysts and guide them in investigative techniques, root cause analysis, and threat hunting. 
• Represent InfoSec in change advisory board (CAB) and project management meetings, ensuring security-by-design. 
• Translate technical risks into business impact for stakeholders across retail, cultivation, and HQ operations. 

Qualifications  

• Bachelor’s degree or higher in Information Security, or at least 6 years’ experience in Information Technology, or 4 years in Information Security. 
• ISC(2) CISSP, ISC(2) CCSP, CCNA-S, or similar certifications can help you stand out, but not required. 
• Experience in executing security solutions from concept through deployment. 
• Experience in Incident Response. 
• Strong understanding of Information Security technologies, design, and architecture. 
• Proven track record of training or mentoring fellow colleagues. 
• Demonstrated ability to self-direct tasks with minimal supervision to achieve goals. 
• Strong written and oral communication skills. 
• Deep knowledge of network, endpoint, application, and cloud security. 
• Foundational knowledge of CIS, COBIT, NIST, MITRE, OWASP, or other common security frameworks or control schemes. 
• Foundational knowledge of risk management and disaster recovery planning / management. 
• Foundational knowledge of compliance standards like SOX, SOC2 and ISO 27001 or regulations like GDPR, PCI, CCPA, HIPAA.  
• Strong problem-solving skills with well-organized and structured work habits. 
• Ability to keep calm in high-stress or emergency situations.  
• Ability to think abstractly and critically to consider potential concerns and determine their validity. 
• Ability to discuss highly technical situations in terms that non-technical stakeholders can effectively understand.  
• An insatiable intellectual curiosity and the ability to learn quickly in a complex space. 

Additional Requirements 

• Must pass any and all required background checks  
• Must be and remain compliant with all legal or company regulations for working in the industry  
• Must be a minimum of 21 years of age 

#LI-HYBRID