Information Security Engineer
smartdata solutions
IT
India · Chennai, Tamil Nadu, India · Perungudi, Tamil Nadu2, India
Job Description
Reports To: | Information Security Manager |
FLSA Status: | Exempt |
Department: | Information Security |
Location: | Chennai, India Office |
AD Role: | InformationSecurityEngineer |
Summary
This document describes the duties, responsibilities, and required skills and experience for the position of Information Security Specialist.
Duties and Responsibilities include but are not limited to:
Vulnerability Management and Security Configuration
- Analyze scan results to distinguish true risk from false positives, including understanding vendor backported patches and compensating controls
- Coordinate with infrastructure, application, and engineering teams to remediate vulnerabilities within defined SLAs
- Identify security vulnerabilities in the QuickClaim web application and other SDS web applications and collaborate with the Senior Product Developer to remediate identified issues.
- Monitor threat intelligence sources and emerging vulnerabilities to assess organizational impact.
- Implement and manage application control policies to prevent execution of unauthorized or malicious software
- Participate in monthly maintenance when applicable
Security Monitoring and Alerting
- Monitor security alerts and events from SIEM, EDR, endpoint protection, and cloud security platforms to identify potential security incidents.
- Tune monitoring and detection controls based on emerging threats, environmental changes, and lessons learned from incidents.
- Work with infrastructure and engineering teams to ensure proper log collection, ingestion, and retention for security monitoring purposes.
- Monitor and assess cloud environments for misconfigurations, insecure permissions, and policy violations.
Incident Response
- Respond to security incidents by investigating alerts, determining scope and impact, and coordinating containment, eradication, and recovery efforts.
- Follow established incident response procedures and escalation paths to ensure timely and appropriate response.
- Perform root cause analysis and document findings, actions taken, and remediation steps.
- Support post-incident reviews to identify gaps, lessons learned, and opportunities for improvement.
- Participate in an on-call rotation with the Security Pager
Projects
- Lead and execute security improvement projects to remediate identified gaps, including planning, prioritization, implementation, and validation.
- Translate identified risks into actionable security projects aligned with business needs and organizational risk tolerance.
- Track project progress and outcomes, ensuring measurable risk reduction and documented improvements.
Documentation
- Create documentation for all security related configurations and procedures.
- If documentation for a procedure already exists, use it when performing procedures and update as necessary.
Perform other duties as assigned.
The duties set forth above are essential job functions for the role. Reasonable accommodations may be made to enable individuals with disabilities to perform essential job functions.
Skills and Qualifications
- Microsoft Windows Operations Systems (Workstation and Server)
- Linux Operating Systems
- MySQL database or similar
- AWS Cloud Security
- Experience with Rapid7 InsightVM, SIEM, Digital Risk Protection, Automox, Duo, Manage Engine, ExtremeIQ, Sophos, Palo Alto Firewalls, Qualys and Office 365, or similar
- Experience with scripting or automation (PowerShell, Bash, Python) to support remediation, monitoring, or configuration validation.
- Experience and familiarity with security frameworks such as NIST, ISO, and HITRUST
- Experience and familiarity with information security concepts and best practices in all domains (e.g. Physical, Administrative, Technical, etc.)
- 3+ years of experience in information security, systems engineering, or a related technical role
- Strong personal organization and task discipline
- Strong reading comprehension
- Proficient in information and statistical analysis
- Objectivity and fairness
Work Environment and Physical Demands
To perform this job successfully, an individual must be able to perform each duty and responsibility satisfactorily. The requirements listed above are representative of the knowledge skill and/or abilities required.
Risk Designation
This role is classified as high risk due to access to Protected Health Information ‘PHI’. Employees in this role must be free of felony convictions on any background check run by Smart Data Solutions.
Access Grants
Employees are only granted access to the minimum necessary facilities, applications, and systems unless otherwise authorized by the CIO/CTO. The following represent the access grants for this role. If not listed, access is denied by default.
Protected Information Access
Employees in this role are authorized to access the following Protected Information categories. If any Protected Information category is not listed for any reason, authorized access to that category is not granted.
Protected Information | Access Authorization |
Protected Health Information (PHI) | No |
Source Code | Yes |
System Configurations | Yes |
Financial Data | No |
Human Resources Data | No |
System Credentials | Yes |
Application Access
Employees in this role are authorized to access SDS internal and cloud applications according to SDS’s policies and procedures, including but not limited to a Role Access Matrix, and such permitted access (if any) will be communicated to Employee(s) upon hire. If any application is not listed for any reason, authorized access to that application is not granted.
Facility and Physical Location Access
Employees in this role are authorized to access the following SDS facilities and physical locations. If any facility or physical location is not listed for any reason, authorized access to that facility or physical location is not granted.
Location | Access Authorization |
| SDS Business Office 2900 Lone Oak Parkway, Suite 130. Eagan, MN | No |
SDS Scanning Facility | No |
SDS Scanning Facility Equipment Closet | No |
| SDS Keying Facility Superior, WI | No |
| SDS Keying Facility Equipment Closet Superior, WI | No |
Primary Data Center | No |
Secondary Data Center | No |
| SDS Business Office 5445 Legacy Drive, Plano, TX | No |
SDS Scanning Facility | No |
SDS Scanning Facility | No |
| SDS Development Office - Nepal Kandevta Complex - 3rd Floor | No |
| SDS Office – India 6th Floor, Block 4A, Millenia Business Park, Phase II MGR Salai, Kandanchavadi, Perungudi, Chennai 600096 | Yes |
Remote Access and Mobile Devices
Employees in this role are authorized for the following remote access and mobile devices:
Remote Access / Mobile Device | Access Authorization |
Laptop Computer | Yes |
BYOD for Exchange Email & Calendar | Yes |
VPN Connection | Yes |
Security Responsibilities
All employees are required to maintain confidentiality as related to protected health information (‘PHI’). Employees are required to follow the Acceptable Use Policy while using any information systems owned or controlled by Smart Data Solutions. Any improper and/or unlawful disclosure of confidential information will be subject to disciplinary action, up to and including termination.
Security roles and responsibilities include:
- Implementing and acting in accordance with the organization's information security policies.
- Protecting assets from unauthorized access, disclosure, modification, destruction, or interference.
- Executing particular security processes or activities.
- Ensuring responsibility is assigned to the individual for actions taken.
- Reporting security events or potential events or other security risks to appropriate Smart Data Solutions personnel