​This is a full-time Information Security Engineer role focused on maintaining and enhancing the corporate Information Security program. The position is critical for integrating regulatory compliance (e.g., PCI, GLBA) into the security roadmap, performing risk assessments, conducting incident response, and ensuring both application and infrastructure security conform to industry best practices and external audit requirements.

• ​Location: Remote, but local to the Temecula, CA office.
• ​Compensation: $96,000 to $120,000 annually, plus a 10% AIP (Annual Incentive Plan) opportunity.
• ​Experience: 5+ years of related IT experience, with 2+ years in an Information Security engineering role.
• ​Education: Bachelor’s degree in a related field is required.
• ​Focus: Application security tool implementation, regulatory compliance (PCI, GLBA), incident investigation, and security auditing of IT operational controls.

​Essential Functions: Program Development, Incident, and Audit

​The engineer is a security generalist with a strong emphasis on compliance and hands-on operational security.

• ​Security Program & Compliance: Assist with the development, implementation, and administration of security policies, standards, and procedures. Assist in integrating regulatory compliance requirements (PCI, GLBA) into the security roadmap and ensure compliance with all external audit requirements.
• ​Application Security: Assist in the identification, evaluation, and implementation of industry leading application security tools and techniques.
• ​Risk & Testing: Perform risk assessments and execute system tests to ensure proper functioning of data processing and security measures. Perform periodic internal IT security audit functions on IT operational controls (e.g., system access controls, firewall rule reviews).
• ​Incident Response: Perform security incident investigations, including chain of custody, containment, root cause analysis, and identification of preventive measures. Define and assist in the management of an Incident Response Team and its escalation procedures.
• ​Operational Security: Coordinate with IT Operations to ensure endpoints and network devices conform to security standards. Plan, coordinate, and implement security measures to regulate access to computer data files.
• ​e-Discovery: Perform information systems evidence gathering to support e-discovery requests.

​Required Knowledge and Preferred Experience

​The role requires foundational security knowledge and experience in regulated industries.

• ​Required Skills:
  • ​Significant knowledge of security-oriented regulatory requirements and compliance.
  • ​Excellent familiarity with IT security principles and practices including firewalling, hardening, data loss prevention, threat prevention, and identity management.
  • ​Ability to provide technical guidance to less experienced team members.
• ​Preferred Experience:
  • ​3+ years of experience in a regulated IT environment including some combination of SOX, HIPAA, GLBA, or PCI.
  • ​Knowledge of the mortgage industry is helpful.
• ​Preferred Certifications:
  • ​Security class certifications strongly preferred.
  • ​CISSP license preferred.
  • ​Azure certifications preferred.