Information Security Engineer

Join to apply for the Information Security Engineer role at Heaven Hill Brands

This is an office based position with a base location in Louisville, KY.

The Information Security Engineer is responsible for strengthening and supporting Heaven Hill’s cybersecurity program. This hands‑on technical role focuses on implementation, monitoring, and continuous improvement of security controls across cloud and on‑premise environments. The Engineer supports governance and risk management efforts and plays a key role in incident response and in deploying and maintaining secure technology solutions. This position will collaborate with IT and business units to ensure Heaven Hill’s data and systems remain resilient against evolving threats, while helping enable secure and efficient access through identity and access management solutions.

This role is instrumental in advancing Heaven Hill’s overall security maturity and ensuring that cybersecurity enables, rather than limits, innovation and operational excellence.

• Design, implement, monitor, and maintain security controls across cloud, identity, endpoint, and network environments.
• Implement and manage Privileged Access Management (PAM) and Role-Based Access Control (RBAC) programs that align with business needs and support POLP (Principle of Least Privilege).
• Support and enhance Identity Management solutions, including user provisioning, Single Sign-On (SSO) integrations, and secure application configurations.
• Support secure configuration and hardening of Windows and Linux servers, as well as Windows and macOS workstations.
• Manage and maintain DNS and domain registrar configurations to ensure secure and reliable name resolution and domain integrity.
• Implement, integrate, and manage authentication, including Kerberos, FIDO2, Smart Cards, passkeys, certificate-based authentication, and TLS or key management solutions.
• Administer and support Public Key Infrastructure (PKI), including certificate issuance, renewal, and lifecycle management.
• Perform vulnerability scanning and coordinate remediation activities.
• Administer and optimize core security platforms such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, including alert tuning, integration, and incident response support.
• Develop and maintain automation or scripting (e.g., Power Shell, Python) to improve efficiency in security monitoring, configuration management, and response processes.
• Monitor security events, investigate incidents, perform root cause analysis, and drive post‑incident improvements.
• Collaborate with IT and business teams to ensure security considerations are integrated into infrastructure and project planning from the outset.

• Conduct and document formal risk assessments, identify, evaluate, and communicate risk mitigation strategies.
• Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with the NIST framework.
• Partner across the business to build awareness, ensure accountability, and foster a risk‑informed culture.
• Support security aspects of vendor assessments and technology evaluations.

• Provide security guidance for new initiatives, integrations, and system changes.
• Contribute to incident response planning, tabletop exercises, and lessons‑learned reviews.
• Develop, maintain, and refine security operations and incident response playbooks to support consistent and effective response activities.
• Stay informed on emerging threats, technologies, and best practices relevant to manufacturing and spirits production environments.

We’re looking for someone with a blend of technical expertise, strong communication skills, and a proactive mindset. You should be comfortable tackling complex security challenges and building collaborative relationships across the business.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience along with an Information Technology related associate's degree.
• Minimum 5 years of experience…