Heaven Hill Brands · 3 days ago
Information Security Engineer
Heaven Hill Brands is focused on strengthening its cybersecurity program and is seeking an Information Security Engineer. This role involves implementing and monitoring security controls, supporting governance and risk management efforts, and collaborating with IT and business units to ensure data and system resilience against evolving threats.
Wine And Spirits
Responsibilities
Design, implement, monitor, and maintain security controls across cloud, identity, endpoint, and network environments
Implement and manage Privileged Access Management (PAM) and Role-Based Access Control (RBAC) programs that align with business needs and support POLP (Principle of Least Privilege)
Support and enhance Identity Management solutions, including user provisioning, Single Sign-On (SSO) integrations, and secure application configurations
Support secure configuration and hardening of Windows and Linux servers, as well as Windows and macOS workstations
Manage and maintain DNS and domain registrar configurations to ensure secure and reliable name resolution and domain integrity
Implement, integrate, and manage authentication, including Kerberos, FIDO2, Smart Cards, passkeys, certificate-based authentication, and TLS or key management solutions
Administer and support Public Key Infrastructure (PKI), including certificate issuance, renewal, and lifecycle management
Perform vulnerability scanning and coordinate remediation activities
Administer and optimize core security platforms such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, including alert tuning, integration, and incident response support
Develop and maintain automation or scripting (e.g., PowerShell, Python) to improve efficiency in security monitoring, configuration management, and response processes
Monitor security events, investigate incidents, perform root cause analysis, and drive post-incident improvements
Collaborate with IT and business teams to ensure security considerations are integrated into infrastructure and project planning from the outset
Conduct and document formal risk assessments; identify, evaluate, and communicate risk mitigation strategies
Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with the NIST framework
Partner across the business to build awareness, ensure accountability, and foster a risk-informed culture
Support security aspects of vendor assessments and technology evaluations
Provide security guidance for new initiatives, integrations, and system changes
Contribute to incident response planning, tabletop exercises, and lessons-learned reviews
Develop, maintain, and refine security operations and incident response playbooks to support consistent and effective response activities
Stay informed on emerging threats, technologies, and best practices relevant to manufacturing and spirits production environments
Qualifications
Required
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience along with an Information Technology-related associate's degree
Minimum 5 years of experience in cybersecurity engineering and/or IT engineering
Strong cloud security experience, including the design input, configuration, and operation of controls in cloud and hybrid environments
Hands-on experience with Microsoft Entra ID (Azure AD), including Conditional Access, identity lifecycle management, and integration within hybrid Active Directory environments
Experience with enterprise email security, endpoint protection, network security, and data protection
Experience implementing and managing Microsoft Purview for data protection, governance, and compliance
Experience supporting third-party risk management or vendor assessments
Strong understanding of identity, endpoint, and network security architectures and their integration across enterprise environments
Experience performing root cause analysis during and after security incidents
Experience developing or contributing to security documentation such as policies, standards, or procedures
Strong communication skills across technical and non-technical audiences
Experience in manufacturing or industrial environments
Familiarity with OT/ICS security principles, including network segmentation, asset visibility, and industrial protocol security
Preferred
Professional certifications such as CISSP, CISM, CRISC, or equivalent
Understanding of secure application deployment or DevSecOps principles
Benefits
Paid Vacation
11 Paid Holidays
Health, Dental & Vision eligibility from day one
FSA/HSA
401K match
EAP
Maternity/Paternity Leave
Company
Heaven Hill Brands
Independent. Family-led. Legacy-built.
H1B Sponsorship
Heaven Hill Brands has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2021 (2)
Funding
Current Stage
Late Stage
Recent News
Lane Report | Kentucky Business & Economic News
2025-11-11
2025-08-27
Company data provided by Crunchbase