Information Security Engineer

Energy Recovery (NASDAQ: ERII) creates technologies that solve complex challenges for industrial fluid-flow markets worldwide. Building on our pressure exchanger technology platform, we design and manufacture solutions that make industrial processes more efficient and sustainable. What began as a game-changing invention for desalination has grown into a global business advancing the environmental sustainability of customers’ operations in multiple industries. Headquartered in the San Francisco Bay Area, Energy Recovery has manufacturing, research and development facilities across California and Texas with sales and on-site technical support available globally. For more information, please visit www.energyrecovery.com.

Job Summary:

The Information Security Engineer responsibilities include but are not limited to Providing strategic direction and vision for Energy Recovery’s cybersecurity program, fostering a culture of security awareness and compliance throughout the organization and develop and implement risk mitigation strategies and controls to safeguard the organization against potential threats. Experience with Palo Alto Networks is a must in order to maintain and manage all networks and firewall systems as part of daily responsibilities. This individual should be able to do research and development to ensure continual innovation for the responsible services.

Major Duties & Responsibilities:

• The ISE will be responsible for developing and implementing robust cybersecurity strategies, policies, and practices to safeguard our organization's information assets and ensure the integrity, confidentiality, and availability of our data

• Develop and lead the implementation of the organization's cybersecurity strategy, ensuring alignment with business objectives

• Conduct regular risk assessments to identify and prioritize cybersecurity risks

• Ensure compliance with relevant laws, regulations, and industry standards related to information security

• Develop and maintain an incident response plan, including coordinating the response to cybersecurity incidents

• Conduct post-incident analysis to identify root causes and recommend improvements to prevent future incidents

• Collaborate with IT and business units to integrate security best practices into the design and development of systems and applications

• Ensure the continuous evaluation and enhancement of security architecture to address emerging threats

• Implement a comprehensive security awareness program for employees, promoting a security-conscious culture

• Provide training on cybersecurity best practices and conduct regular drills to test the organization's readiness for security incidents

• Oversee the assessment and management of cybersecurity risks associated with third-party vendors and partners

• Ensure that vendors adhere to the organization's security standards and policies

• Implement and manage security monitoring tools and processes to detect and respond to security events

• Generate regular reports on the organization's cybersecurity posture and incidents for executive leadership

• Audit’s identity and access methods to ensure a zero-trust framework for both production and development business application systems

• Cybersecurity Strategy and Leadership: Develop and lead the implementation of the organization's cybersecurity strategy, ensuring alignment with business objectives

• All other duties as assigned

Skills & Requirements:

• Bachelor’s Degree or equivalent work experience in a related field required

• Must have PCNSE certification or equivalent Palo Alto network experience (on-Prem Firewall and Prisma)

• 3+ years’ experience in an Information Security role with responsibilities in assessing application and infrastructure architectures for security threats and vulnerabilities

• Alternatively, 5+ years’ in a Senior level network/systems role with a strong focus on Security, required

• Hands-on experience with security infrastructures (e.g. Firewalls, IDS/IPS, VPN, Secure Email Gateways, Web Content Filters, Proxies, DLP, SIEM) required

• Solid foundational understanding of networking concepts required

• Professional security management certification, such as a ISC(2) Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), CompTIA Security+, CompTIA Network+, highly desirable

• Knowledge and experience with common information security management frameworks and best practices, specifically the National Institute of Standards and Technology (NIST) frameworks and Center for Internet Security (CIS) Critical Security Controls, highly desirable

• Understanding of cloud security concepts (SaaS, PaaS, IaaS), mobile architecture, network and application security and/or data protection, preferred

• Deep experience with Palo Alto security products, including on-prem firewalls, Panorama, Global Protect, and Prisma Access

• A solid understanding of security-focused enterprise networking

• Should be intimately familiar concepts such as Spanning Tree, Port Security, Portchannel/Etherchannel/Link Aggregation, VLANs, SNMP, Syslog, 802.1x, OSPF, BGP, route redistribution, IPSec tunnels, and TCP/IP in general.

• Hands on experience with Cisco enterprise switches (or a similar vendor)

• Familiarity with Network Access Control systems (Any vendor)

• Familiarity with monitoring/alerting systems (PRTG, Solarwinds, Splunk, etc)

• Basic understanding of Windows Server functions as they related to network services (Active Directory, DNS, & DHCP)

• Provide 24/7 support with rotating on-call duties after hours within predetermined and agreed upon service expectations

$130,000 - $160,000 a year

The below range is the range that we reasonably believe to be the range of possible compensation for this role at the time of this posting. We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in California. This range may be modified in the future. The salary range for this role is $130,000 to $160,000

We are an EOE/AA employer committed to workforce diversity.

No recruiters or phone calls.