Information Security Engineer

The Company: Cognex Corporation

Cognex is the world's leading provider of vision systems, software, sensors, and industrial barcode readers used in manufacturing automation. Cognex vision helps companies improve product quality, eliminate production errors, lower manufacturing costs, and exceed consumer expectations for high quality products at an affordable price. Typical applications for machine vision include detecting defects, monitoring production lines, guiding assembly robots, and tracking, sorting and identifying parts.

Cognex serves an international customer base from offices located throughout the Americas, Europe, and Asia, and through a global network of integration and distribution partners. The company is headquartered close to Boston in Natick, Massachusetts

The Role: As an Information Security Engineer, you will work with our InfoSec analysts and engineers to locate and improve weak points in our security and mature Cognex' InfoSec program. You may suggest new hardware or develop software to fix any issues. You will also perform routine maintenance to keep our security systems running efficiently and defend the network and systems from various cybersecurity threats. Security engineers assist in protecting sensitive data, as well as developing secure systems and responding to cyberattacks.

• Develop and implement security policies and procedures

• Develop and maintain the organization's security framework in alignment with business goals and objectives

• Maintaining and monitoring security systems (i.e., firewalls, IDS/IPS, VPNs, Endpoint security platforms, SIEM, TVM)

• Progress & mature Cognex' security program

• Security Assessments

• Risk Analyses, Vulnerability Assessments, Penetration Testing

• Develop mitigation strategies

• Collaborate with InfoSec & IT

• Stay up to date on emerging threats, vulnerabilities, and security technologies

• Be a champion for InfoSec to employees on information security policies, procedures, and best practices

Knowledge:

• Understanding of information & cyber security concepts, principles, best practices, common types of cyber threats and attack vectors, and security frameworks, such as NIST, ISO 27001, CIS, and HITRUST

• Knowledge of network and system administration, including cloud environments, firewalls, intrusion detection and prevention systems, operating systems, databases, applications, protocols, and other security tools

• Understanding of encryption, cryptography, web application security, secure coding practices, proxies, architecture, and assessment tools and techniques

• Intermediate knowledge of regulatory compliance requirements such as Sarbanes Oxley, PCI-DSS, HIPAA, GDPR, CCPA, etc.

• Intermediate understanding of incident response, disaster recovery, and Business Continuity plan procedures, including forensic analysis techniques

• Familiarity with cloud security concepts and practices, including DevSecOps

Skills:

• Skills in responding to security threats, incidents, and breaches

• Risk management

• Intermediate skills to utilize InfoSec assessment tools and techniques

• Intermediate skills to design, implement, and manage security technologies (i.e., firewalls, IDS/IPS, VPNs, anti-virus & EDR software

• Intermediate skills in Scripting and programming

• Intermediate skills in InfoSec documentation (i.e., policies, procedures, standards, guides, reports)

• Excellent analytical, problem-solving, and critical thinking skills to identify and mitigate complex security risks

• Task and project prioritizations

Abilities:

• Ability to read and Analyze system security logs

• Understand how to write high-quality incident reports

• Exceptional communication and interpersonal skills to work with technical and non-technical stakeholders, including executive-level leadership within InfoSec & IT.

• Able to conduct in-depth security assessments and audits

• Automate InfoSec tasks and processes.

• Create and maintain security documentation such as policies, standards, and procedures

• Identify and address security vulnerabilities in system, network, and application architectures

• Train & mentor less experienced InfoSec Engineers

• Maintain high ethical & professional behavior in dealing with sensitive and confidential information

• Learn and adapt quickly

• Work under pressure and high stress situations as in during security incidents or breaches

  • 3+ years of experience in information security engineering or related field in an enterprise environment.

  • Intermediate familiarity with security technologies such as firewalls, intrusion detection/prevention systems, and endpoint security

  • Intermediate familiarity with security standards and frameworks (e.g., NIST, ISO 27001)

  • Intermediate experience with one or more scripting languages

  • Intermediate understanding of network protocols and operating systems

  • Strong written and verbal communication skills

  • Industry certifications such as Security+, SSCP, CEH, GSEC, CASP+ are a plus

  • Bachelor's degree in computer science, Information Security, Cybersecurity, or related field or equivalent experience

Equal Employment Opportunity

Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.