Information Technology Security Engineer

About The Heritage Group

The Heritage Group is a fourth-generation, family-owned business focused on construction and materials, environmental services and specialty chemicals. Over the last 90+ years, the Heritage portfolio has grown to include more than 50 companies that employ more than 6,000 people. What unites this diverse group of businesses and individuals is our commitment to create a safer, more enriching, and sustainable world by harnessing the power of family.

The IT Security Engineer is responsible for maintaining security operations and assisting ITSS with security-related projects, designed to protect the company's sensitive data and assets. Responsibilities include safeguarding system perimeters, enhancing security measures for both cloud-based and on-premises infrastructures, managing network security devices and associated security tools, and responding to security incidents. The IT Security Engineer is responsible for assisting with the design, implementation, and evaluation of security solutions, while also overseeing the performance of current systems.

The role is a member of the IT shared services team that supports a portfolio of privately held companies.

This position is remote, with occasional travel to the Indianapolis, IN area. Qualified candidates must currently reside in the Eastern or Central time zones.

• Design, execute, and oversee security measures to safeguard computer systems, networks, and data.
• Identify security vulnerabilities, promote system security best practices, and collaborate with teams for mitigation implementation.
• Security awareness training and phishing simulation campaigns.
• Contribute to the design of the system security architecture.
• Assist with preparing and documenting standard operating procedures and protocols.
• Audit compliance with company security standards and work with team(s) to remedy noncompliance.
• Configure, optimize, and troubleshoot security infrastructure devices.
• Utilize current system security tools to provide security remediation recommendations and guidance to business units and ITSS teams.
• Research and review new technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Detect, investigate, and respond to security incidents with rapid communication to stakeholders.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Be an essential part of executing all tasks or projects as put forth in the IT security strategic plan.
• Conduct vulnerability assessments and security testing on systems, networks, and applications to identify weaknesses.
• Effectively communicate security risks to both technical and non-technical colleagues, highlighting potential impacts and required actions.
• Stay updated with the latest trends in cybersecurity threats, and mitigation techniques.
• Additional duties and responsibilities as assigned, including but not limited to continuously growing in alignment with the Company’s core values, competencies, and skills.

• Required Bachelor's Degree degree in Computer Science or related field or equivalent work experience.

• Required minimum of 3-5 years of proven work experience as an IT Security Engineer or similar role.
• Required experience in building and maintaining security systems. Experience with Microsoft security solutions including Sentinel, Azure Information Protection, Defender for Cloud Apps, etc. is highly preferred.
• Required detailed technical knowledge of database and operating system security.
• Required hands‑on experience in security systems, including firewalls, intrusion detection and prevention systems, anti‑virus software, authentication systems, log management, content filtering, etc. (Sophos, Palo Alto, Azure SSO, and Log Scale preferred).
• Required experience with network technologies and with system, security, and network monitoring tools (Cisco, Aruba, and Netskope preferred).
• Thorough understanding of the latest security principles, techniques, and protocols.
• Familiarity with web related technologies (Web applications,…