IT Security Engineer - 2187
Memphis, TN (Service Center)
PURPOSE – Barnhart is built on a strong foundation of serving others. The fruit of our labor is used to grow the company, care for our employees, and serve those in our communities and around the world.
MINDS OVER MATTER – Barnhart has built a nationwide reputation for solving problems. We specialize in the lifting, heavy-rigging, and heavy transport of major components used in American industry.
NETWORK – Barnhart has built teams that form one of our industry’s strongest networks of talent and resources, with over 50 branch locations across the U.S. working together to serve our customers. This growing network offers our team members constant opportunity for career growth and professional development.
CULTURE – Barnhart has a strong team culture -- the “One TEAM.” We are looking for smart, hard-working people who strive for excellence in their work and appreciate collaboration. Join a team that values Safety, Servant Leadership, Quality Service, Innovation, Continuous Improvement, Fairness, and Profit with a Purpose.
The Information Security Engineer is responsible for the security of an organization’s computer systems and networks. The engineer implements security measures that effectively safeguard sensitive data in the event of a cyber-attack. The role is highly collaborative, involving frequent interaction with various members of the IT team.
- Research, test, train, and implement programs designed to safeguard privacy and sensitive information from breaches.
- Conduct risk analyses from vulnerability and compliance scans, pen testing results, and other audit activity.
- Write Plan of Action and Milestones (POAMS), System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
- Establish System and Organizational Controls (SOC) and audit processes.
- Provide regular reporting on the status of the information security, risk, and compliance programs to senior business leaders as part of a strategic IT risk management program to support business outcomes.
- Work with company leadership to promote and institutionalize security and compliance practices through training, workshops, and continued awareness.
- Educate the organization on information security best practices and ensure the organization is compliant with NIST 800-171 / CMMC 2.x / PCI DSS policy and frameworks.
- Keep corporate security policies, standards, and procedures fresh and fit for purpose, and make sure staff across the board comply on a day-to-day basis without fail.
- Participate in responsible innovations, emulating what might happen in the real world and ensuring everyone is on the same page when it comes to threats, including but not limited to phishing, hack-a-thons, and adversarial simulations.
- Audit and assess existing IT infrastructure for any security risks.
- Document and implement zero trust architecture; participate in bid and proposal activities.
- Continuously assess vulnerabilities and find fixes before incidents occur.
- Develop policies on security incidents and team with the Cyber Executive to create emergency responses in the face of security breaches.
- Oversee development of a disaster recovery plan to allow for business continuity post-cyber-attack.
- Identify and manage asset inventories and high value assets.
- Articulate IT security and technical issues in a non-threatening, clear and actionable manner to non-technical teams.
- Prepare data analytics and facilitate metrics reporting frameworks to measure efficiency and effectiveness.
- Confirm and implement an up-to-date information security management framework based on the NIST Cybersecurity Framework, NIST 800-171 and ISO 27001 controls.
- Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global standards and regulations.
- Bachelor of Science in Computer Science, Engineering, Cybersecurity, or other technical discipline.
Licenses & Certifications:
- Certification in one or more of the following areas is a plus:
- CISSP, CISA, CCNP Security, Azure Security Engineer Associate.
- Required minimum of five (5) years of experience in information security, risk management, IT compliance.
- Required minimum of five (5) years’ experience in system engineering or network engineering.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, as well as those from NIST, including 800-53, 800-171 and Cybersecurity Framework.
- Privileged access management tools.
- Experience with security tools such as Splunk, Crowdstrike, CyberArk, LogRhythm, AlienVault, Cisco Firewall, Cisco ISE, Cisco AMP, Umbrella, and Secure Endpoint.
Compensation and Benefits
- Competitive salary
- 401(k) program with company match up to 10% of pay
- Family medical, dental and vision insurance
- Paid time off and other benefits
- Barnhart CARES family care and community service opportunities