Sr. IT Information Security Engineer

About Us:

At Bernhard, we blend a rich history with a forward-looking vision. With over 100 years of experience, we are a pillar of stability in the energy infrastructure industry and a leader in innovative energy solutions. Our commitment to leveraging emerging technologies ensures that we remain at the forefront of the Energy-as-a-Service sector. We believe in growth—not just for our business, but for our people. Our team members have the opportunity to advance their careers in a supportive environment that values continuous learning and development. We embrace innovation and encourage creative problem solving to tackle the energy infrastructure and energy challenges of tomorrow. Inclusion is at the heart of our culture. We strive to create a workplace where every voice is heard and valued, fostering a collaborative environment where diverse perspectives drive our success. Join us to be part of a legacy of excellence and a future of groundbreaking advancements. At Bernhard, stability, innovation, and growth are more than just values—they are the pillars of our continued success.

The Sr. Information Security Engineer is responsible for maintaining the high availability, configuration/efficiency and implementation of information security tools, systems and services. Works in conjunction with the Security Operations Center to identify and respond to threats to the Bernhard enterprise. Works on highly complex projects that require an in-depth understanding of multiple domain knowledge (security, networking, cloud, etc.). This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.

Specific responsibilities include:

• SECURITY ENGINEERING

• Collaborates across the company to guide the direction of information security, working with hardware, software, research and product teams
• Researches, designs, and develops architecture solutions meeting internal and external security requirements and standards
• Drives defense-in-depth security for the organization to protect critical IT assets and data
• Works extensively in networking products/technologies such as: routing and routing protocols, L2/L3 switching, Next Gen firewalls, IPS/IDS, Remote Access, VPN, SIEM, IAM, Encryption, VDI, and Mobile security
• Works with customers, partners to identify and address security issues and threats
• Evangelizes security across the engineering team and other business departments
• Assesses risks proactively and expresses concerns to engineering and operations teams
• Develops and executes security processes, policies, and procedures in collaboration with Manager

• THREAT RESPONSE

• Identifies, troubleshoots, and resolves vulnerabilities
• Participates in incident response and management as required 24x7
• Completes assessments and coordinates responses to threats/attacks to the technology infrastructure and supported applications/systems
• Responsible for Desktop, server, application, database, and network security principles for threat identification and analysis
• Participates in multiple Projects and manages large projects as required
• Serves as an information security subject matter expert

Required Education, Experience, and Qualifications

• BA or BS in Computer Science, Management Information Systems, or related field, from an accredited college or university or equivalent experience
• Five (5) or more years of security engineering, design, and implementation experience
• License/Certification: None required, CISSP highly desired
• Advanced knowledge of the threat landscape and threat intelligence methodologies
• Demonstrated ability to make decisions on remediation and counter measures
• Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
• Working knowledge of global threats to cyber security and understanding of the tools and tactics utilized by threat actors
• Experience with a scripting language (Perl, Python, or other) in an incident response environment
• Extensive Windows, Mac, Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, web browser forensics and file carving
• Ability to deliver succinct and fact-based communications, both verbally and in writing
• Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner
• Ability to use independent judgment to make sound, justifiable decisions and act to resolve problems
• Customer-focused mindset, with demonstrated skill in managing expectations, providing proactive status updates, and producing high-quality work product
• Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g. HIPPA, PCI, DSS, etc.)
• Strong analytical and problem-solving skills are required. Excellent communication (oral, written, presentation), interpersonal and consultative skills will be needed in order to succeed
• Good communication skills and ability to present to diverse audiences of varying organizational levels
• Strong project management skills
• Ability to work in a collaborative, team environment
• Knowledge of local, state and federal regulatory requirements related to areas of functional responsibility
• Ability to work in a team or independently

Preferred Education, Experience, and Qualifications

N/A

Travel Requirements

• 0-5% of time will be spent traveling to job site(s)/office location.

Physical/Work Environment Requirements

Physical Activities

Climbing stairs.
Remaining in a stationary position, often standing or sitting for prolonged periods
Repeating motions that may include the wrists, hands and/or fingers

Environmental Conditions

Quiet environment

Physical Demands

Light work that includes adjusting and/or moving objects up to 20 pounds

Bernhard is proud to be an Equal Opportunity Employer of Minorities, Women, Protected Veterans, and Individuals with Disabilities, and participates in the e-Verify program. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, age, sexual orientation, gender identity, national origin, veteran status, disability, or any other classification protected by law.