Job DescriptionThe Company: Cognex CorporationCognex is the world’s leading provider of vision systems, software, sensors, and industrial barcode readers used in manufacturing automation. Cognex vision helps companies improve product quality, eliminate production errors, lower manufacturing costs, and exceed consumer expectations for high quality products at an affordable price. Typical applications for include detecting defects, monitoring production lines, guiding assembly robots, and tracking, sorting and identifying parts.Cognex serves an international customer base from offices located throughout the Americas, Europe, and Asia, and through a global network of integration and distribution partners. The company is headquartered close to Boston in Natick, MassachusettsThe Role: As an Information Security Engineer, you will work with our InfoSec analysts and engineers to locate and improve weak points in our security and mature Cognex’ InfoSec program. You may suggest new hardware or develop software to fix any issues. You will also perform routine maintenance to keep our security systems running efficiently and defend the network and systems from various cybersecurity threats. Security engineers assist in protecting sensitive data, as well as developing secure systems and responding to cyberattacks.Develop and implement security policies and proceduresDevelop and maintain the organization's security framework in alignment with business goals and objectivesMaintaining and monitoring security systems (i.e., firewalls, IDS/IPS, VPNs, Endpoint security platforms, SIEM, TVM)Progress & mature Cognex’ security programSecurity AssessmentsRisk Analyses, Vulnerability Assessments, Penetration TestingDevelop mitigation strategiesCollaborate with InfoSec & ITStay up to date on emerging threats, vulnerabilities, and security technologiesBe a champion for InfoSec to employees on information security policies, procedures, and best practicesKnowledge:Understanding of information & cyber security concepts, principles, best practices, common types of cyber threats and attack vectors, and security frameworks, such as NIST, ISO 27001, CIS, and HITRUSTKnowledge of network and system administration, including cloud environments, firewalls, intrusion detection and prevention systems, operating systems, databases, applications, protocols, and other security toolsUnderstanding of encryption, cryptography, web application security, secure coding practices, proxies, architecture, and assessment tools and techniquesIntermediate knowledge of regulatory compliance requirements such as Sarbanes Oxley, PCI-DSS, HIPAA, GDPR, CCPA, etc.Intermediate understanding of incident response, disaster recovery, and Business Continuity plan procedures, including forensic analysis techniquesFamiliarity with cloud security concepts and practices, including DevSecOpsSkills:Skills in responding to security threats, incidents, and breachesRisk managementIntermediate skills to utilize InfoSec assessment tools and techniquesIntermediate skills to design, implement, and manage security technologies (i.e., firewalls, IDS/IPS, VPNs, anti-virus & EDR softwareIntermediate skills in Scripting and programmingIntermediate skills in InfoSec documentation (i.e., policies, procedures, standards, guides, reports)Excellent analytical, problem-solving, and critical thinking skills to identify and mitigate complex security risksTask and project prioritizationsAbilities:Ability to read and Analyze system security logsUnderstand how to write high-quality incident reportsExceptional communication and interpersonal skills to work with technical and non-technical stakeholders, including executive-level leadership within InfoSec & IT.Able to conduct in-depth security assessments and auditsAutomate InfoSec tasks and processes.Create and maintain security documentation such as policies, standards, and proceduresIdentify and address security vulnerabilities in system, network, and application architecturesTrain & mentor less experienced InfoSec EngineersMaintain high ethical & professional behavior in dealing with sensitive and confidential informationLearn and adapt quicklyWork under pressure and high stress situations as in during security incidents or breaches3+ years of experience in information security engineering or related field in an enterprise environment.Intermediate familiarity with security technologies such as firewalls, intrusion detection/prevention systems, and endpoint securityIntermediate familiarity with security standards and frameworks (e.g., NIST, ISO 27001)Intermediate experience with one or more scripting languagesIntermediate understanding of network protocols and operating systemsStrong written and verbal communication skillsIndustry certifications such as Security+, SSCP, CEH, GSEC, CASP+ are a plusBachelor's degree in computer science, Information Security, Cybersecurity, or related field or equivalent experienceAdditional Job DescriptionEqual Employment OpportunityCognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.
