Infomedia

Security Engineer

$60,000 – $70,000 per year

TLDR

Own vulnerability management and compliance for an automotive SaaS platform serving 2,750 dealer websites across 25+ OEM brands.

Infomedia/SimplePart is seeking a Security Engineer to join our Network and Security team. This role is responsible for the day-to-day operational security of our automotive SaaS platform, which serves approximately 2,750 dealer websites across 25+ OEM brands. The Security Engineer will own vulnerability management, compliance task execution, incident monitoring and response, and will serve as a key contributor to maintaining our PCI DSS, ISO 27001, and SOC 2 compliance posture. This is a hands-on, execution-focused role that requires strong technical fundamentals, attention to detail, and the ability to work independently while collaborating effectively with cross-functional teams.

Core Responsibilities

Incident Monitoring and On-Call

  • Participate in a 24/7 PagerDuty on-call rotation on a weekly rotating basis with the security team.
  • Investigate, triage, and respond to all alerts received during on-call shifts, escalating to the appropriate teams as needed.
  • Perform daily review and analysis of security alerts and logs across all monitoring platforms.
  • Monitor and remediate alerts and findings from Microsoft Defender.

Vulnerability Management

  • Own and manage internal and external vulnerability scanning programs (Tenable, Qualys, Veracode, and related tooling).
  • Analyze scan results, prioritize findings by severity and business impact, and develop detailed remediation plans.
  • Coordinate with infrastructure, development, and operations teams to schedule and execute remediation activities.
  • Ensure the environment is patched monthly and proactively schedule patching for critical systems that require coordination with other teams.
  • For vulnerabilities that cannot be remediated within designated timeframes, document justification and enter findings into the risk register with appropriate compensating controls.
  • Maintain the systems inventory sheet, ensuring all asset information is accurate and current.

Compliance and Audit

  • Take ownership of all PCI DSS compliance tasks on a monthly, quarterly, semi-annual, and annual basis.
  • Serve as the primary point of contact for completing internal PCI DSS tasks and act as the lead during the annual PCI DSS audit.
  • Maintain working familiarity with ISO 27001 requirements and serve as the point person for related compliance tasks.
  • Support SOC 2 audit preparation and serve as a contributor or lead for compliance audit activities as needed.
  • Develop, implement, and help maintain the company’s cyber and information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of digital assets.

Infrastructure Support

  • Manage access requests, ensuring access is provisioned and deprovisioned accurately and in accordance with policy.
  • Maintain SFTP configurations in accordance with security best practices.
  • Demonstrate a basic understanding of firewall rules and networking configuration to support audit evidence and security best practices.

Required Qualifications

  • 1-3 years of experience in information security, cybersecurity, or IT security operations.
  • Hands-on experience with vulnerability scanning tools (Tenable, Nessus, Qualys, or equivalent).
  • Working knowledge of PCI DSS requirements; direct experience with PCI DSS audit preparation and task execution strongly preferred.
  • Familiarity with compliance frameworks including ISO 27001 and SOC 2.
  • Experience with endpoint detection and response (EDR) tools such as Microsoft Defender.
  • Understanding of RBAC principles, SFTP security, and basic networking and firewall concepts.
  • Experience with patching processes and change management in a multi-server environment.
  • Strong written and verbal communication skills with the ability to document findings clearly.
  • Ability to work independently, conduct thorough technical research, and manage multiple priorities.
  • Willingness to participate in a 24/7 on-call rotation.
Individual compensation will be commensurate with the candidate's experience.
Atlanta pay range
$60,000 – $70,000 USD

Infomedia builds powerful SaaS and DaaS solutions specifically for the automotive industry, focusing on online selling systems and analytics tools that enhance the customer experience. Targeting OEMs and dealer networks, we deliver innovative software that improves dealership efficiency and supports over 250,000 automotive professionals across 186 countries. What sets us apart is our nearly 30 years of experience and our commitment to driving revenue growth and customer retention in the automotive parts and service sector.
