Sr. Information Security Engineer

About ITS Logistics 

Are you ready to unleash your potential and be a part of one of the fastest-growing, exciting logistics companies in the US? ITS Logistics is a premier Third-Party Logistics company that provides creative supply chain solutions.  With the highest level of service, unmatched industry experience and work ethic, and a laser focus on innovation and technology–our purpose is to improve the quality of life by delivering excellence in everything we do. 

At ITS, we invest in your personal and professional growth, providing the tools, resources, and support you need to unleash your full potential, collaborate with like-minded teammates, and seize limitless opportunities. By joining our all-star team, you will be part of an organization that values your unique skills, encourages your drive for excellence, and recognizes your unwavering commitment to achieving our shared goals. 

We empower our team members to become champions in their respective fields by nurturing a culture of collaboration, competition, and unyielding resilience. We believe that together, we can conquer any challenge and achieve remarkable victories. 

Want to learn more about ITS Logistics?  Check out our website!  www.its4logistics.com 

about our IT team 

At ITS, we see Information technology as a core enabler in delivering complex third-party logistics services at scale. ITS continues to invest in transforming its applications and infrastructure to support business growth and set us apart in the marketplace. An increasing percentage of ITS IT spending is now allocated to innovation and transformation initiatives with the goal of rapidly leveraging the following significant technology shifts to maximize business gain: 

• Leverage the public cloud to deliver an elastic infrastructure for increased business agility, scalability, and resiliency. 

• Use of the latest data analytics platform for informed decision-making, driving business outcomes, and uncovering new opportunities with data-driven insights. 

• AI and automation to improve efficiency and speed up business processes and results. 

• Digital apps to reinvent the workplace to boost employee productivity, agility, and digital dexterity through an engaging and intuitive work environment (employee experience). 

• Participate in building a world-class Information Security Team.

About the Position  

• This is a hands-on, highly technical position within a fast-paced environment, reporting to the Director of Information Security at our technology center of excellence in Walnut Creek, CA.  We are building the Information Security Program, and you will have a great experience building a greenfield environment. 

• - The role requires three to four days in the office. 

• - Provide best-in-class enterprise subject-matter expertise across all Cybersecurity controls for on-premises Infrastructure and Azure Cloud. 

• - Responsible for maintaining operational excellence status on cybersecurity services related to administration, availability, diagrams, documentation, updates, and policy management. 

• - Investigate and analyze security alerts to determine scope, urgency, impact, and remediation. 

• - Manage cyber security incidents and conduct triage/forensic analyses and root cause analyses of cyber-attacks. 

• - Continually improve internal scanning, detection, and reporting of security risks and anomalous activity. 

• - Provide input for Key Performance Indicators (KPIs) and Metrics reporting. 

• - Identify opportunities to automate or streamline current processes. 

• - Participate in tabletop exercises. 

Role Requirements 

• - Bachelor’s degree with advanced security certifications such as CISSP, Certified Cloud Security Professional (CCSP), SANS GIAC, Offensive Security, Azure Certified Security Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100), Etc. 

• - Six years of experience in Information/Cyber Security.  

Bonus Skills (one or more) 

- Expertise with Azure Cloud Security and the Azure Well-Architected Framework. 

- Experience with Rapid7 Insight IDR and Microsoft Sentinel other SIEM platforms to manage, create, and improve threat detection rules within the SIEM platform. 

- Expertise in Beyond Trust PAM , other PAM solutions, and CrowdStrike Identify Exposure. 

- Expertise with CrowdStrike or other EDR solutions, and CIS Operating System Hardening 

- Expertise with Palo Alto Networks Prisma or other cloud native tools. 

- Expertise in Tenable One Vulnerability Management or other VM Platforms. 

- Expertise with On-premises Fortinet Fortigate or other NGFW techmologies. 

- Expertise with Incident Detection and Response. 

- Expertise with Synk or other Application code scanning tools.  Including, SAST/DAST. 

- In-depth understanding of networking and network security and common enterprise communication technologies.  

- In-depth knowledge of MITRE ATT&CK, CIS and NIST CSF Frameworks. 

- In-depth experience with various cybersecurity techniques and principles, such as Security Operations Center and SIEM, forensics, threat hunting, penetration testing, and threat intelligence. 

- Designing and orchestrating requirements for CI/CD pipelines in DEVSECOPS. 

- Experience with threat modeling. 

- Experience with Microsoft Purview and Data Privacy. 

- Experience with drafting security policies, procedures, SOPs. 

- Proficiency in secure coding/scripting and automation.