Vacancies
Vacancies

Senior Information Security Specialist

Meet your recruiter Peter Doyle
peter.doyle@intellias.co...
Vacancy details
Information Security
Security Analyst
Senior
Bloomington (Minnesota), 
United States
Hybrid
Apply now
Refer a friend now

The Information Security Specialist III is a senior technical expert responsible for leading the design, implementation, and oversight of the organization’s cybersecurity strategy. This role requires deep knowledge of information security concepts, advanced threat mitigation techniques, and regulatory compliance. The Specialist III serves as a key advisor to leadership and mentors junior team members while playing a central role in security architecture, incident response, and risk management initiatives.

What project we have for you

You will primarily work with your team and external teams to solve challenging problems, communicate status to stakeholders, implement process changes and maintain existing systems, while researching new technologies. Rely on your broad experience and leadership skills to resolve business needs mentor less experienced team members, and resolve issues with efficiency. Your role is critical in keeping the team focused and moving at a sustainable pace.

What you will do

  • Lead complex security investigations and manage incident response processes across endpoints, networks, cloud, and applications.
  • Design and implement enterprise-level security solutions and controls.
  • Conduct risk assessments and develop strategies to mitigate information security risks.
  • Ensure ongoing compliance with regulatory and industry standards (e.g., NIST, ISO 27001, SOC 2, HIPAA, PCI DSS).
  • Provide subject matter expertise on cybersecurity architecture and secure system design.
  • Analyze threat intelligence and apply findings to strengthen organizational defenses.
  • Influence and implement TMHCC security policies, procedures, standards, and guidelines.
  • Serve as a mentor and technical resource to other information security staff.
  • Collaborate with cross-functional teams including IT, legal, compliance, and business units to align security initiatives with business goals.
  • Lead internal and external security audits and prepare management reports on risk posture and mitigation plans.
  • Core Application Security Technical Expertise
  • Secure Software Development Lifecycle (SSDLC):
    • Shift-Left Security: Deep understanding of how to embed security throughout the entire development pipeline, from requirements gathering and design (threat modeling) to coding, testing, and deployment.
    • DevSecOps Principles: Experience integrating security tools and practices into CI/CD pipelines (SAST, DAST, SCA, IAST).
    • Secure Coding Practices: Knowledge of common vulnerabilities (e.g., OWASP Top 10, CWE Top 25) and how to prevent them through secure coding. This includes understanding language-specific security best practices (e.g., .NET, Python, Java, JavaScript).
  • Vulnerability Management and Testing:
    • Static Application Security Testing (SAST): Ability to analyze source code for vulnerabilities without executing it.
    • Dynamic Application Security Testing (DAST): Experience with scanning running applications for vulnerabilities.
    • Software Composition Analysis (SCA): Proficiency in identifying and managing vulnerabilities in open-source and third-party components.
    • Interactive Application Security Testing (IAST): Knowledge of tools that combine aspects of SAST and DAST for more comprehensive runtime analysis.
    • Manual Penetration Testing & Code Review: Strong skills in manual security testing techniques and the ability to perform thorough code reviews for security flaws.
  • Cloud Security:
    • Cloud Native Application Security: Expertise in securing applications deployed in cloud environments (AWS, Azure, GCP), including serverless, containers (Docker, Kubernetes), and microservices architectures.
    • Cloud Security Best Practices: Understanding of cloud provider-specific security features (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center), secure configuration, and access management within cloud contexts.
  • API Security:
    • OWASP API Security Top 10: Deep understanding of common API vulnerabilities and how to design and implement secure APIs.
    • Authentication and Authorization: Expertise in securing API endpoints with robust authentication (OAuth, OpenID Connect) and fine-grained authorization.
  • Identity and Access Management (IAM):
    • Authentication Mechanisms: Strong knowledge of multi-factor authentication (MFA), single sign-on (SSO), and adaptive authentication.
    • Authorization Models: Experience with role-based access control (RBAC), attribute-based access control (ABAC), and least privilege principles.
    • Secrets Management: Proficiency in implementing and managing solutions for secrets management (e.g., HashiCorp Vault, CyberArk, cloud native secret stores).

What you need for this

  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field (Master’s degree preferred); or equivalent experience.
  • 10+ years of progressively responsible experience in information security roles.
  • Proven expertise in areas such as incident response, threat hunting, cloud security, data loss prevention, or security engineering.
  • Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, CIS Controls, MITRE ATT&CK).
  • Experience with advanced security tools and platforms (e.g., SIEM, SOAR, EDR, CASB, DLP).
  • Excellent analytical, problem-solving, and communication skills.
  • Experience developing and presenting security metrics and executive-level reports.
  • Professional certifications such as:
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • GIAC certifications (e.g., GCIA, GSEC, GCPN)
    • AWS/Azure/GCP security certifications
    • Experience in secure software development lifecycle (SSDLC) or DevSecOps practices.
    • Familiarity with governance, risk, and compliance (GRC) tools.
    • Leadership experience in cross-functional security initiatives or mentoring security teams.

What it’s like to work at Intellias

At Intellias, where technology takes center stage, people always come before processes. By creating a comfortable atmosphere in our team, we empower individuals to unlock their true potential and achieve extraordinary results. That’s why we offer a range of benefits that support your well-being and charge your professional growth.
We are committed to fostering equity, diversity, and inclusion as an equal opportunity employer. All applicants will be considered for employment without discrimination based on race, color, religion, age, gender, nationality, disability, sexual orientation, gender identity or expression, veteran status, or any other characteristic protected by applicable law.
We welcome and celebrate the uniqueness of every individual. Join Intellias for a career where your perspectives and contributions are vital to our shared success.

Similar vacancies
Office
Software Engineering
Senior JavaScript Engineer (React Native)
Senior
India
Learn more
Hybrid
Software Engineering
Senior Software Engineer with focus on Quality and Development Experience
Senior
Learn more
Remote
ITSM
Technical Support Engineer L1/L2
Middle
Bulgaria, Egypt, Pol...
Learn more
Remote
DevOps Engineering
Azure Cloud engineer
Senior
Bulgaria, Croatia, P...
Learn more
Hybrid
Information Security
Senior Information Security Specialist
Senior
United States
Learn more
Remote
Software Engineering
Senior Python Engineer (Cloud Security)
Senior
Bulgaria, Croatia, P...
Learn more
Remote
Data Engineering
Lead Data Engineer
Lead
Bulgaria, Croatia, P...
Learn more
Remote
Data Engineering
Senior Data Engineer
Senior
Colombia, Poland, Uk...
Learn more

Have not found the most
suitable position yet?

Leave your resume and we will select a cool option for you.
Find me a job
Good news!
Link copied
Good news!
You did it.
Bad news!
Something went wrong. Please try again.