Information Security Engineer
Role details
Job location
Tech stack
Job description
We're looking for an Information Security Engineer to help strengthen and mature Vacatia's security program. In this highly visible role, you'll partner with IT, Engineering, and external security experts to improve our security posture, support compliance initiatives, and build scalable security operations that enable the business to grow with confidence.
If you're passionate about cybersecurity, enjoy solving complex technical challenges, and thrive in environments where you can make a measurable impact, we'd love to hear from you.
Why You'll Love Working at Vacatia
Protect Critical Business Systems Help secure the technology and infrastructure that power Vacatia's customer experiences, business operations, and future growth.
Own High-Impact Security Initiatives Lead vulnerability management, audit readiness, incident response, and security operations while continuously improving our overall security posture.
Work with Modern Technologies Support cloud and on-premises environments across AWS, Azure, Microsoft 365, Google Workspace, Salesforce, Snowflake, and modern endpoint security platforms.
Drive Continuous Improvement Build repeatable security processes, automate workflows, strengthen governance, and help prepare Vacatia for future growth and compliance requirements.
Collaborate Across the Organization Partner with IT, Engineering, Product, external auditors, security consultants, and business leaders to deliver practical security solutions that balance protection and operational efficiency.
Your Impact
- Lead Vacatia's vulnerability management program, including vulnerability scanning, prioritization, remediation tracking, and reporting
- Partner with IT teams to coordinate patch management across servers, endpoints, cloud infrastructure, and network environments
- Improve cloud security across AWS, Azure, Salesforce, Snowflake, Microsoft 365, and Google Workspace through secure configurations, identity management, logging, and monitoring
- Strengthen endpoint and on-premises security through Active Directory, Microsoft Entra ID, Group Policy, EDR/XDR, MDM, firewall management, and system hardening
- Monitor security events through SIEM platforms, investigate incidents, coordinate response efforts, and continuously improve detection capabilities
- Lead SOC 1 and SOC 2 audit readiness activities, including evidence collection, control implementation, documentation, and remediation efforts
- Develop and maintain security policies, standards, operational procedures, and governance practices aligned with industry frameworks
- Manage security awareness initiatives, phishing simulations, risk assessments, and ongoing security education
- Design executive dashboards and security metrics that provide leadership with meaningful visibility into organizational risk and compliance
Requirements
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- 3-5 years of hands-on experience in information security, cybersecurity, or infrastructure security
- Experience leading vulnerability management, remediation programs, and security compliance initiatives
- Strong understanding of cloud security, identity and access management, endpoint protection, network security, and secure system configurations
- Experience with SIEM platforms, EDR/XDR technologies, vulnerability management tools, and security monitoring solutions
- Working knowledge of PowerShell, Python, Bash, or other scripting languages used for automation and operational efficiency
- Experience supporting compliance frameworks such as SOC 1, SOC 2, PCI DSS, NIST CSF, ISO 27001, or CIS Controls
- Strong analytical, troubleshooting, and problem-solving skills with the ability to communicate security concepts to both technical and non-technical stakeholders
- A proactive mindset focused on continuous improvement, operational excellence, and building scalable security practices, * Experience with Microsoft Sentinel, Splunk, Chronicle, CrowdStrike, Defender, SentinelOne, Tenable, Nessus, Qualys, AWS Security Hub, Defender for Cloud, or comparable security platforms
- Security certifications such as Security+, CySA+, SSCP, GSEC, CISA, CCSP, CCSK, AWS/Azure Security certifications, or CISSP
- Experience supporting cloud-first organizations, hospitality, SaaS, or highly regulated environments