Fast Facts

Join OCLC as a Lead Information Security Engineer to enhance and protect our enterprise security infrastructure in a collaborative, innovative environment.

Responsibilities: Oversee security infrastructure development and monitoring, manage incident response practices, conduct vulnerability assessments, and support application development security programs.

Skills: Strong experience in security design and engineering, web application security, incident response, and familiarity with security tools such as SIEM and vulnerability management.

Qualifications: 7+ years in IT with a focus on IT security; Bachelor’s degree in a related field preferred; certifications like COMPTIA Security+ and CCNA are a plus.

Location: This position is located at our corporate headquarters in Dublin, OH, requiring on-site presence three days a week.

Compensation: Not provided by employer. Typical compensation ranges for this position are between $120,000 - $160,000.

Together we make breakthroughs possible.

At OCLC, we build technology with a purpose: to connect libraries and make knowledge accessible worldwide, because we believe that what is known must be shared. Our teams work with complex global datasets, AI and machine learning, hybrid cloud solutions, and other technologies that connect people and organizations to the information they need. We value the power of unique perspectives and experiences to unlock innovation. At OCLC, your ideas matter, whether you have two years of experience or 20. You’ll learn, create, and problem-solve with technologists, product developers, librarians, researchers, marketing pros, and support teams around the world.

Why join OCLC?

OCLC is consistently recognized as a best place to work by several independent programs Werecognize and rewardpeople and resultswith a comprehensive Total Rewards package. This means competitive compensation that reflects your unique contributions—performance, experience, and skills—along with exceptional benefits, including best-in-class health coverage, retirement plans with generous company contributions, and a commitment to your overall well-being.

• We know the best ideas don’t always happen at a desk. Take a walking meeting around our 100-acre campus or enjoy lunch on the patio.We’re committed to your success—both personally and professionally. Hybrid work environment: For many roles, three days a week on-site, with occasional additional days based on business needs.
• Free use of our on-site fitness center, gym sports, group exercise classes, and game room
• Onsite catering and cafeteria subsidized by OCLC
• Health and wellness events
• Work environments with individual and team spaces and the latest technology tools
• Paid parental leave and adoption assistance
• Tuition reimbursement and Public Service Loan Forgiveness eligibility
• Company-subsidized pricing on local tickets and memberships

Join us in transforming how people everywhere access informationand be part of a mission-driven team that makes a global impact.

The Job Details are as follows:

We’re looking for a Lead Information Security Engineer to help strengthen and protect our enterprise security environment. In this role, you’ll be responsible for monitoring, developing, and supporting security infrastructure and solutions, while working closely with a collaborative team that values knowledge sharing and innovation. This is a hybrid role and requires you to be on-site at our corporate headquarters in Dublin, OH three days a week.

The Lead Info Security Engineer is responsible for monitoring, developing, and supporting the security infrastructure and other security solutions within the enterprise. The Lead Info Security Engineer is tasked with protecting computer assets by establishing and monitoring technical vulnerabilities and security monitoring tools, such as Intrusion and Malware Detection Tools. This position is also responsible for identifying and responding to security and operational incidents as appropriate. Other duties include configuring security systems, performing advanced maintenance activities, and conducting functions such as vulnerability assessments, penetration testing, and developing and implementing new technologies, policies, and procedures.

Requirements

• Leads and enhances OCLC’s information security test and evaluation program, including management of ongoing vulnerability and secure configuration deviation identification, and coordinating remediation activities with system, application and process owners, especially as they relate to application development.
• Leads OCLC’s computer incident response practices including incident management, coordination, analysis and investigation of potential security events.
• Leads OCLC’s application development security program as it relates to incorporating the appropriate controls into the software development process.
• Analyzes & assists the development and interpretation of information security and security operations processes and requirements. Translates requirements and designs to assist operations.
• Leads efforts to install and implement system patches, service packs and version upgrades as assigned; leads process improvement efforts; familiar with industry best practices; develops and maintains a roadmap for future system improvements; ushers through simple to complex system environment changes.
• Assist with implementing aspects of the Information Security Risk Management Program related to identification, measurement, monitoring and reporting on security related risks. Examples include: data classification, security metrics, system risk assessments, third party system risk assessments, etc. 
• Conducts security vulnerability scans of operating systems and applications, produce reports, and make recommendations for vulnerability remediation
• Supports security awareness by providing orientation, educational programs, and on-going communication.
• Plans and recommends security measures to protect an organization's computer networks and systems.
• Serves as mentor and support as needed for less experienced Security Analysts

What We’re Looking For

• Strong experience in security design/engineering, web application security, and incident response.
• Familiarity with SIEM, EDR/XDR, SOAR, WAF, and vulnerability management tools.
• Ability to take initiative, solve problems proactively, and communicate technical concepts clearly.
• Bonus: Experience with automation to enhance efficiency and response.

Qualifications

• 7+ years experience in an information technology role with knowledge of IT security and Bachelor’s degree in business administration, computer security, or a technology related field (preferred).
• Attention to detail, ability to organize work, and follow-up skills are critical to the successful performance of position responsibilities
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
• Ability to prioritize and address multiple projects and meet deadlines is critical 
• Strong troubleshooting and organizational skills
• Self-reliant, resourceful but able to know when to ask for help
• Understanding of Security frameworks, such as ISO/IEC 27001 or NIST 800-53
• Knowledge of Information Security Policies, Informing Others, Microsoft and Linux System Administration, Network Security, Firewall Administration, Problem Solving, Process Improvement, Project Management, On-Call, Network Protocols, Routers, Hubs, and Switches.
• Certifications:  COMPTIA Security+, Network+, CCNA, or other security certifications preferred.

Working Conditions: Normal office environment.

ADA/EAA: The above statements cover what are generally believed to be the principal and essential functions of this job. Specific circumstances may allow or require some people assigned to the job to perform a somewhat different combination of duties.