Senior Information Security Engineer at Glendale, CA Onsite

About Infinite:

Infinite is a global leader in digital engineering and IT services, with over 20 years of experience driving digital transformation. We partner with leading Fortune 1000 companies to deliver innovative, scalable technology solutions that accelerate business outcomes.

With deep expertise in telecommunications, healthcare, banking, and finance, Infinite helps organizations optimize and modernize their technology landscapes to achieve long-term growth and efficiency.

Key Responsibilities

• Security Policy Management: Develop, implement, and maintain information security policies, standards, and procedures. Ensure that all policies align with industry best practices and regulatory requirements.
• Monitor and analyze network and system activity to identify potential security threats using Security Information and Event Management (SIEM) tools and related monitoring technologies.
• Compliance Oversight: Monitor compliance with internal policies and external regulations (such as GDPR, CCPA, ISO 27001, or other standards relevant to WDI Tech Studio). Conduct periodic audits and assessments to verify adherence and prepare reports for management.
• Risk Assessment: Identify, evaluate, and mitigate risks to information assets. Facilitate risk assessments and vulnerability analyses, coordinating remediation activities with technical teams.
• Incident Response: Serve as the first point of contact for security incidents. Coordinate incident response activities, document findings, and lead post-incident reviews to strengthen future preparedness. Implement, maintain, and upgrade cybersecurity measures, including endpoint protection, data loss prevention (DLP), and vulnerability management systems.
• Conduct incident response activities to investigate, contain, and remediate security events, ensuring timely and effective resolution. Support internal and external audits by preparing and maintaining documentation that demonstrates compliance with regulatory standards and company policies.
• Assist in the development and enforcement of security policies, procedures, and standards aligned with industry best practices and governance frameworks.
• Awareness: Develop and deliver security awareness training programs for employees. Promote a culture of security across all departments.
• Collaboration: Work closely with IT, legal, human resources, and other departments to ensure consistent application of security controls and compliance requirements.
• Reporting: Prepare regular reports for senior management regarding the status of the security program, compliance metrics, and incident trends.
• Collaborate with cross-functional teams to evaluate cybersecurity risks, provide technical guidance, and strengthen secure software and system implementations.
• Contribute to security awareness efforts by helping deliver training sessions and educational initiatives that promote organizational compliance and risk awareness.
• Stay informed on emerging cybersecurity threats, attack techniques, and evolving regulatory requirements to ensure proactive risk mitigation.

Qualifications

• Bachelor s degree in information security, Cybersecurity, Computer Science, or a related field.
• Strong analytical, organizational, and communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Demonstrated ability to manage multiple projects and priorities.
• Experience supporting production systems in a defense, robotics, or hardware-adjacent environment.
• Knowledge of security architectures for embedded and cyber-physical systems.
• Experience with programmable logic devices (FPGAs) and associated toolchains.
• Experience with building, testing, and delivering production-grade embedded, windows OS or Linux systems.
• Experience in infrastructure-as-code (e.g. Terraform, CloudFormation).
• Proven track record of leading engineers through complex, hands-on work.

Preferred

• Professional certifications such as CISSP, CISM, or CompTIA Security+ preferred.
• Experience with regulatory compliance frameworks (e.g., GDPR, ISO 27001, NIST).

Skills Required:

• Strong analytical, organizational, and communication skills
• Proven ability to work independently and collaboratively in a fast-paced environment
• Demonstrated capacity to manage multiple projects and priorities simultaneously
• In-depth knowledge of cybersecurity principles, practices, and emerging trends
• Experience with risk assessment, vulnerability management, and incident response
• Familiarity with security frameworks and regulatory compliance relevant to software, applications, and infrastructure assets
• Proficiency in monitoring systems for threats and implementing effective security controls
• Ability to collaborate with development and IT teams to ensure secure deployment and maintenance of technology assets
• 3+ years of experience in a ProdSec, Security Engineering, or DevOps role
• Strong skills in one or more programming languages (e.g. C/C++, Rust, Python, Bash).
• Proficient in Python and Bash for automation of deployments, scans, and implementing security guardrails.
• Demonstrated ability to assess and harden security of firmware, applications, networks, IoT, and embedded systems.
• Proven track record building, testing, and delivering production-grade embedded and/or Linux-based systems.
• Experience with CI/CD pipelines using tools like GitHub Actions, GitLab CI, Jenkins, etc
• Familiarity with security-relevant features of at least one embedded ARM chip, NVIDIA Jetson
• Familiarity with compliance standards (e.g. DoD ATO, FedRAMP, NIST 800-171, or NIST 800-53)
• Familiarity with anti-tamper strategies and reverse-engineering tools.
• Comfortable owning large initiatives end-to-end with minimal oversight.
• Hands-on experience with security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions
• Commitment to continuous learning in the rapidly evolving field of information security