Implement, operate, monitor, and maintain enterprise security platforms, including hardware, software, customer applications, managed services, and vendor solutions.
Own day‑to‑day operational support of security controls, ensuring availability, performance, and minimal business disruption.
Research, validate, and deploy security solutions that meet both business and security requirements.
Conduct performance and stress testing to identify limitations while supporting innovation and usability.
Secure Design & Project Delivery
Participate in and lead security design discussions, ensuring solutions align with architecture standards and secure‑by‑design principles.
Contribute to security projects that assess existing infrastructure, recommend improvements, and deliver enhancements on time, within budget, and in accordance with SLAs.
Develop security test plans from architectural designs, identify gaps, and implement improvements prior to production impact.
Actively participate in change management and change review processes.
Incident Response & Detection
Support and participate in incident response activities, including investigation, containment, remediation, and post‑incident reviews.
Drive improvements to detections, controls, and response playbooks based on real‑world incident learnings.
Influence the planning and execution of incident response exercises and postmortems, creating measurable benchmarks to track maturity and progress.
Participate in or support off‑hours response activities as required.
Risk, Compliance & Governance
Implement technical controls aligned to regulatory and compliance requirements such as HIPAA, PCI, SOX, GLBA , and applicable privacy laws.
Translate compliance and risk requirements into enforceable, scalable security solutions.
Partner with audit, risk, and compliance teams while maintaining a strong engineering and operational focus.
Collaboration & Continuous Improvement
Work closely with architects, SOC analysts, incident responders, infrastructure teams, and application developers.
Respond to service requests and escalation tickets within SLA expectations.
Drive automation and efficiency to reduce manual effort and enable focus on higher‑value security initiatives.
Perform other duties as assigned.
Hands‑On Engineering Experience
Direct ownership of enterprise security platforms such as SIEM, EDR, IDS/IPS, IAM, vulnerability management , and related tooling.
Proven ability to deploy, tune, troubleshoot, and operate security controls in production environments.
Experience supporting real security incidents-not just alert triage.
Technical Focus Areas
Cloud & Hybrid Security: Securing workloads across AWS and/or Azure, alongside on‑prem environments; deep understanding of identity, networking, logging, and monitoring.
Incident Detection Engineering: Improving detections, alerts, and response workflows based on threat intelligence and observed attacker behavior.
Security Automation: Using scripting or automation to improve efficiency, reliability, and scale.
Operational Excellence: Strong discipline around SLAs, change management, and production stability.
Collaboration & Working
Benefits
Vision insurance
Additional Information
At ALSAC you do more than make a living; you make a difference.
We like people who are different...because we're different, too. As one of the world's most iconic and respected nonprofits, we know what it's like to stand out. That's why we're looking at you. Your background, perspective, and desire to make an impact set you apart. As we work to help St. Jude cure childhood cancer, we're calling on the game-changers, innovators and visionaries to join our family. Not just for the kids of St. Jude, but also for you. Because at ALSAC, we develop and celebrate our employees. So, bring your whole, authentic self and become part of our shared mission: Finding cures. Saving children.®
Job Description
The Information Security Engineer is responsible for implementing, operating, monitoring, and continuously improving enterprise security solutions across cloud, on‑prem, and hybrid environments. This role focuses on hands‑on engineering and operational ownership , ensuring security controls are effective, resilient, and aligned with architectural standards, best practices, and regulatory requirements.
As risks evolve, the Information Security Engineer proactively recommends and implements enhancements to keep pace with the modern threat landscape.
This role works closely with security leadership, architects, infrastructure teams, application development, the Security Operations Center (SOC), audit, and business stakeholders. The engineer plays a direct role in securing systems, applications, third‑party integrations, service providers, and business‑to‑business initiatives.
Success in this role is measured by outcomes -improved detection capability, reduced risk exposure, operational stability, and the maturity of security tooling and processes.
Alsacstjude · Memphis, TN