IT Security Engineer
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Information Security, IT Consultant, Network Security
Dedicated to innovative placemaking, Howard Hughes Communities is the real estate platform of Howard Hughes Holdings Inc. (NYSE: HHH) and is recognized for its ongoing commitment to design excellence and to the cultural life of its communities. Building on that foundation, we foster a culture of curiosity that empowers every employee to shape their own story within our organization.
AboutThe Role
The IT Security Engineer, reporting to the IT Security Lead, is responsible for protecting the integrity, confidentiality, and availability of Howard Hughes Holdings’ (HHH) IT infrastructure across both on premises and cloud environments. This role supports the design, implementation, and operation of security controls and processes that enable secure business operations. The IT Security Engineer partners closely with the IT Security Lead, Infrastructure, Application, and GRC teams to detect, prevent, and respond to security threats across the enterprise.
WhatYou Will Do Security Monitoring & Incident Response
- Monitor networks, endpoints, and systems for security breaches using HHH’s EDR solution and SIEM to detect intrusions and anomalous behavior.
- Triage and investigate alerts, escalating and collaborating with the IT Security Lead as appropriate.
- Lead hands‑on technical response for security incidents, including containment, eradication, and recovery activities, in coordination with the IT Security Lead and MDR partner.
- Conduct or support technical and forensic investigations to determine root cause and scope of incidents.
- Document and maintain incident response procedures, playbooks, and post‑incident lessons learned.
- Continuously improve the Incident Response Plan and procedures to align with emerging threats and business needs.
- Perform network and system security assessments and audits to identify control gaps and weaknesses.
- Organize and conduct vulnerability scans and testing (in coordination with relevant teams) to identify vulnerabilities across infrastructure and applications.
- Conduct or coordinate penetration testing and simulate attacks to identify exploitable weaknesses.
- Analyze and report results of scanning and testing, including risk ratings and remediation recommendations.
- Partner with system owners to track, prioritize, and drive remediation of identified vulnerabilities within agreed SLAs.
- Support the IT Security Lead and senior security leadership in analyzing, designing, and maintaining security roadmaps and implementation plans.
- Identify, define, and document system security requirements for new and existing solutions.
- Recommend security solutions, patterns, and standards to management and project teams.
- Implement, maintain, and monitor NIST‑aligned security controls to protect infrastructure and systems.
- Create, modify, and maintain security and risk‑focused business intelligence dashboards and reports to support decision‑making.
- Implement and manage security tools (including open‑source and third‑party solutions) that assist in detection, prevention, and analysis of security threats.
- Review and help tune configurations for firewalls, data encryption, EDR, email security, and other security products to ensure alignment with standards and policies.
- Review and evaluate email and other forms of communication for potential phishing, data loss, or other security risks.
- Support and maintain security relevant hardware, software, and connectivity components within the network security framework.
- Design and plan major security‑related upgrades and changes to ensure reliability, availability, and secure operations.
- Collaborate with IT engineers, systems administrators, application, and IT Governance, Risk, and Compliance teams to design secure technical solutions and processes.
- Provide guidance to the application development team on secure coding standards and secure SDLC practices.
- Conduct or support user awareness training on information security standards, policies, and best practices.
- Share threat intelligence, incident trends, and control…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).