The Information Security Engineer is responsible for implementing, operating, monitoring, and continuously improving enterprise security solutions across cloud, on-prem, and hybrid environments. This role focuses on hands-on engineering and operational ownership, ensuring security controls are effective, resilient, and aligned with architectural standards, best practices, and regulatory requirements. As risks evolve, the Information Security Engineer proactively recommends and implements enhancements to keep pace with the modern threat landscape. This role works closely with security leadership, architects, infrastructure teams, application development, the Security Operations Center (SOC), audit, and business stakeholders. The engineer plays a direct role in securing systems, applications, third-party integrations, service providers, and business-to-business initiatives. Success in this role is measured by outcomes—improved detection capability, reduced risk exposure, operational stability, and the maturity of security tooling and processes. Key Responsibilities. Security Engineering & Operations. Implement, operate, monitor, and maintain enterprise security platforms, including hardware, software, customer applications, managed services, and vendor solutions. Own day-to-day operational support of security controls, ensuring availability, performance, and minimal business disruption. Research, validate, and deploy security solutions that meet both business and security requirements. Conduct performance and stress testing to identify limitations while supporting innovation and usability. Secure Design & Project Delivery. Participate in and lead security design discussions, ensuring solutions align with architecture standards and secure-by-design principles. Contribute to security projects that assess existing infrastructure, recommend improvements, and deliver enhancements on time, within budget, and in accordance with SLAs. Develop security test plans from architectural designs, identify gaps, and implement improvements prior to production impact. Actively participate in change management and change review processes. Incident Response & Detection. Support and participate in incident response activities, including investigation, containment, remediation, and post-incident reviews. Drive improvements to detections, controls, and response playbooks based on real-world incident learnings. Influence the planning and execution of incident response exercises and postmortems, creating measurable benchmarks to track maturity and progress. Participate in or support off-hours response activities as required. Risk, Compliance & Governance. Implement technical controls aligned to regulatory and compliance requirements such as HIPAA, PCI, SOX, GLBA, and applicable privacy laws. Translate compliance and risk requirements into enforceable, scalable security solutions. Partner with audit, risk, and compliance teams while maintaining a strong engineering and operational focus. Collaboration & Continuous Improvement. Work closely with architects, SOC analysts, incident responders, infrastructure teams, and application developers. Respond to service requests and escalation tickets within SLA expectations. Drive automation and efficiency to reduce manual effort and enable focus on higher-value security initiatives. Perform other duties as assigned. Hands-On Engineering Experience. Direct ownership of enterprise security platforms such as SIEM, EDR, IDS/ IPS, IAM, vulnerability management, and related tooling. Proven ability to deploy, tune, troubleshoot, and operate security controls in production environments. Experience supporting real security incidents—not just alert triage. Technical Focus Areas. Cloud & Hybrid Security: Securing workloads across AWS and/or Azure, alongside on-prem environments; deep understanding of identity, networking, logging, and monitoring. Incident Detection Engineering: Improving detections, alerts, and response workflows based on threat intelligence and observed attacker behavior. Security Automation: Using scripting or automation to improve efficiency, reliability, and scale. Operational Excellence: Strong discipline around SLAs, change management, and production stability. Collaboration & Working Style. High level of interaction with Infrastructure, Development, and SOC teams. Strong communicator with the ability to influence without formal authority. Comfortable balancing engineering depth with cross-functional partnership. What Makes This Role Exciting. High-impact ownership: Direct influence over how security is implemented and measured across the enterprise. Broad technical exposure: Cloud, network, endpoint, identity, application security, third-party risk, and automation. Strategy visibility: Engineers provide feedback that shapes security architecture and long-term program direction. Modern security practices: Emphasis on purple teaming, threat-driven improvements, automation, and continuous control enhancement. Job Requirements. Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent. Certification Requirements: CISSP, CISM and/or SANS certification a plus . years of experience in cybersecurity, including risk and compliance, with a strong system and network security engineering background. Highly technical and analytical, with proven experience in technology design, implementation, and delivery (preferred 5 additional years in ITS or infrastructure roles). Experience with purple teaming (red and blue collaboration) to identify, validate, and remediate security gaps. Hands-on experience securing cloud environments (IaaS, PaaS, Saas) across public, private, and hybrid models. Extensive knowledge of traditional and modern security technologies, including: SIEM, IDS/ IPS, PKI, IAM/ IDAM, antivirus, firewalls, EDR, threat intelligence platforms, automation/orchestration, application controls, deception technologies. Experience supporting vulnerability management, penetration testing, and remediation efforts. Demonstrated ability to clearly communicate cybersecurity risk in business terms. Track record of integrity, accountability, curiosity, adaptability, and effective collaboration. This position is based on the St. Jude Campus at our National Executive Office in Memphis TN and provides a hybrid work opportunity. Benefits & Perks. The following Benefits & Perks apply to Full-Time Roles Only. We’re dedicated to ensuring children and their families have every opportunity to enjoy life’s special moments. We’re also committed to giving our staff excellent benefits so they can do the same. Core Medical Coverage: (low cost low deductible Medical, Dental, and Vison Insurance plans)?401 K Retirement Plan with 7% Employer Contribution. Exceptional Paid Time Off. Maternity / Paternity Leave. Infertility Treatment Program. Adoption Assistance. Education Assistance. Enterprise Learning and Development. And more.