Information Security Specialist

Information Security Specialist | The Shyft Group, Inc. | REMOTE

Regular Employee | Salary Non-Exempt

The IT Security Specialist is responsible for designing, implementing, and maintaining the organization’s cybersecurity infrastructure across information technology, operational technology, and cloud environments. This position plays a vital role in safeguarding corporate systems, networks, and information by monitoring emerging threats and vulnerabilities.

The individual in this role will work collaboratively with all departments across Aebi Schmidt Group to assess risk, coordinate vulnerability remediation, and develop defensible architectures to protect our assets. The IT Security Specialist will apply technical expertise to implement and manage security tools, automate key processes, and support incident response activities to minimize business impact and maintain continuity of operations.

This position requires strong analytical and problem‑solving skills, a comprehensive understanding of cybersecurity principles and technologies, and the ability to communicate effectively with both technical and non‑technical stakeholders.

• Design, implement, and manage cybersecurity solutions across endpoints, networks, cloud, and identity management systems
• Conduct vulnerability assessments and coordinate remediation efforts across IT and Dev Ops teams
• Monitor, triage, and manage alerts from cybersecurity related tools and services
• Leverage cybersecurity related tools and benchmarks to harden and build defensible IT systems and resources
• Participate in incident response efforts including triage, containment, eradication, and post‑incident efforts
• Perform risk assessments on new technologies, vendors, and IT system changes
• Automate repetitive tasks using Python, Bash, Power Shell, Terraform, or equivalent scripting languages

• Bachelor’s degree in computer science, information systems, cybersecurity, or related field
• Relevant cybersecurity certifications such as CompTIA’s Security+
• 5+ years of hands‑on experience in cybersecurity or infrastructure security role
• 3 – 5 years of experience in cloud technologies such as AWS and Azure
• Strong understanding of networking and security protocols, firewalls, VPNs, SIEM, EDR/XDR, and vulnerability management
• Knowledge of IAM concepts; idP, MFA, SSO, SAML/OAuth2, and the access policies that control them
• Working knowledge of scripting or automation languages such as Python, Power Shell, or equivalent
• Industry leading certifications such as CISSP, CEH, GICSP, or GSEC
• Exposure to compliance standards such as ISO 27001, NIST, and PCI DSS
• Experience with CI/CD pipelines or Dev Sec Ops  methodologies
• Familiarity with the MITRE ATT&CK framework and threat hunting
• Implement and manage OT cybersecurity controls across plant floor networks, control systems, and IT infrastructure
• Data management and discovery tools such as Purview or other data loss prevention technologies

• Health & Wellness: Medical, Dental, Vision, HSA/FSA, Wellness Plan
• Financial Security: 401(k) with match, Disability, Life Insurance
• Work/Life & Growth: Educational Reimbursement, EAP, Dependent Care

The Shyft Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, genetic information, status as a protected veteran or status as a qualified individual with a disability, or any other characteristic protected by applicable federal, state, or local law. If you have a disability and would like to request an accommodation in order to apply, please email us at

Shyft uses E-Verify, which is an online system operated by the U.S. Department of Homeland Security in partnership with the Social Security Administration to verify employment eligibility and validate social security numbers. Through participation in the E-Verify program, information entered on Form I-9 will be provided and compared to information available at both of these agencies. See posters for more details.

E-Verify Notice U.S. Right to Work Notice.