Product Information Security Engineer

Date:  Jul 14, 2022

Rancho Cordova, CA, US, 95670

Company:  NCA - NEC Corporation of America

Location: Sacramento, CA preferred, but remote work is acceptable 

Must be authorized to work in the U.S.


Job Title:  Information Security Engineer

Organization Name:  ARS

Reporting Relationship: Information Security Architect





In this critical role, the Information Security Engineer will have the opportunity to work with senior leadership, DevSecOps, and Engineering teams to ensure information security risks are identified, documented, and mitigated. Your role will be to ensure that effective security controls are in place that comply with the organization’s information security policies, standards, operating procedures, industry best practices, and regulatory requirements. 



Essential Duties & Responsibilities                                                                                                                                          


  • Drive the execution of the Information Security Management System (ISMS) and secure SDLC in a DevSecOps environment 
  • Identify opportunities for improvement to the Advanced Recognition Systems ISMS 
  • Collaborate with DevSecOps teams to identify right software and infra security toolsets, prepare integration strategy with CI/CD pipeline and automation 
  • Execute security tools for SAST, DAST, OSS scan, pen-test etc. and prepare the security reports for internal and external stakeholders.
  • Work with SWD and QA teams closely and educate them for all aspects of secure SDLC including OWASP10
  • Hands on knowledge on end point security, cloud/infra security, K8s security will be helpful
  • Participate in the code review as needed and recommend any fixes required for security vulnerability.  
  • Review and audit security controls for effectiveness and completeness 
  • Maintain awareness of current security trends and facilitate information sharing and security awareness across functional teams 
  • Respond to project driven security initiatives to ensure we meet or exceed our customer requirements 
  • Perform and coordinate penetration tests with internal and third parties as needed. Ensure outputs are focused and provide recommendation on applicable remediations 
  • Work to enhance security operations and response capabilities. Review and improve incident response playbooks to address emerging threats 
  • Work effectively within a matrix organization, handle multiple priorities in an efficient manner, and communicate effectively with senior leadership and employees. 



Education: Bachelor’s Degree in Cyber Security, Computer Science, Network and Systems Infrastructure, or 4 years of relevant work experience.


  • Experience securing cloud (Azure and AWS) and on-prem infrastructure and applications  
  • Experience utilizing security event monitoring tools   
  • Currently Hands-on with infrastructure and software vulnerability scanning tools (SAST, DAST, IAST) and providing comprehensive analysis of results and recommendations for fixes based on severity
  • Experience translating security policy into technical controls 
  • Experience coordinating application penetration tests with internal and third-party teams as required 
  • Experience with Azure AD, OAuth 2, SSO, Keycloak, PKI, and modern authentication protocols like OpenID connect and SAML is preferred.


Certifications, Licenses, etc. : Certifications related to Azure, AWS, Security, Networking, or Systems a plus


Specialized Knowledge and Skills


Communication Skills: Highly developed communication skills: the ability to interact effectively with people across the enterprise and within customer organizations to accomplish assigned tasks.


Mathematical Skills: Fundamental mathematical skills useful in interpreting statistics and generating meaningful outputs.


Reasoning Skills: Problem analysis and problem resolution at both a strategic and functional level.



Computer and/or Technical Skills: Knowledge and experience with AWS, Azure, and on-premise systems.  Experience in identity management or biometrics is a benefit.  Experience in scalability, failover, high availability, capacity planning, security, and compliance. 


Travel: Infrequent travel is necessary, < 10%.



Headquartered in Irving, Texas, NEC is a leading provider of innovative IT, biometrics, network, and communications products and solutions for service carriers and Fortune 1000 and SMB businesses across multiple vertical industries, including healthcare and government education, and hospitality. NEC delivers one of the industry's broadest portfolios of technology solutions and professional services, including unified communications, wireless, voice and data, managed services, server, storage infrastructure, optical network systems, microwave radio communications, and biometric security. NEC is a wholly owned subsidiary of NEC Corporation, a global technology leader with a presence in over 44 countries and more than $37.5 billion in revenue. For more information, please visit


NEC Corporation of America and its subsidiaries are committed to the maximum utilization of all human resources and the goal of Equal Employment Opportunity/Affirmative Action. Accordingly, we provide equal opportunities to all employees and applicants for employment without regard to race, color, religion, national origin, sex, sexual orientation, age, marital status, disability, genetic characteristics, height, weight, arrest record pertaining to misdemeanors or status as a Vietnam era or special disabled veteran, or any other class protected by applicable federal, state or local laws.

EOE-Minorities/Females/Protected Veterans/Individuals with Disabilities

Nearest Major Market: Sacramento

Job Segment: Information Security, Cloud, Testing, Developer, Engineer, Technology, Engineering