Information Security Engineer at Heaven Hill Brands

This is an office based position with a base location in Louisville, KY.

What The Role Is

The Information Security Engineer is responsible for strengthening and supporting Heaven Hill’s cybersecurity program. This hands-on technical role focuses on implementation, monitoring, and continuous improvement of security controls across cloud and on-premise environments. The Engineer supports governance and risk management efforts and plays a key role in incident response and in deploying and maintaining secure technology solutions.

This position will collaborate with IT and business units to ensure Heaven Hill’s data and systems remain resilient against evolving threats, while helping enable secure and efficient access through identity and access management solutions.

This role is instrumental in advancing Heaven Hill’s overall security maturity and ensuring that cybersecurity enables, rather than limits, innovation and operational excellence.

How You Will Spend Your Time?

Security Engineering & Operations

• Design, implement, monitor, and maintain security controls across cloud, identity, endpoint, and network environments.
• Implement and manage Privileged Access Management (PAM) and Role-Based Access Control (RBAC) programs that align with business needs and support POLP (Principle of Least Privilege).
• Support and enhance Identity Management solutions, including user provisioning, Single Sign-On (SSO) integrations, and secure application configurations.
• Support secure configuration and hardening of Windows and Linux servers, as well as Windows and macOS workstations.
• Manage and maintain DNS and domain registrar configurations to ensure secure and reliable name resolution and domain integrity.
• Implement, integrate, and manage authentication, including Kerberos, FIDO2, Smart Cards, passkeys, certificate-based authentication, and TLS or key management solutions.
• Administer and support Public Key Infrastructure (PKI), including certificate issuance, renewal, and lifecycle management.
• Perform vulnerability scanning and coordinate remediation activities.
• Administer and optimize core security platforms such as endpoint detection and response (EDR) and security information and event management (SIEM) systems, including alert tuning, integration, and incident response support.
• Develop and maintain automation or scripting (e.g., PowerShell, Python) to improve efficiency in security monitoring, configuration management, and response processes.
• Monitor security events, investigate incidents, perform root cause analysis, and drive post-incident improvements.
• Collaborate with IT and business teams to ensure security considerations are integrated into infrastructure and project planning from the outset.
  
  

Risk & Governance

• Conduct and document formal risk assessments, identify, evaluate, and communicate risk mitigation strategies.
• Develop, update, and maintain cybersecurity policies, standards, and procedures aligned with the NIST framework.
• Partner across the business to build awareness, ensure accountability, and foster a risk-informed culture.
• Support security aspects of vendor assessments and technology evaluations.
  
  

Collaboration & Continuous Improvement

• Provide security guidance for new initiatives, integrations, and system changes.
• Contribute to incident response planning, tabletop exercises, and lessons-learned reviews.
• Develop, maintain, and refine security operations and incident response playbooks to support consistent and effective response activities.
• Stay informed on emerging threats, technologies, and best practices relevant to manufacturing and spirits production environments.
  
  

Who You Are…

Required Skills and Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent experience along with Information Technology related associate's degree.
• Minimum 5 years of experience in cybersecurity engineering and/or IT engineering.
• Strong cloud security experience, including the design input, configuration, and operation of controls in cloud and hybrid environments.
• Hands-on experience with Microsoft Entra ID (Azure AD), including Conditional Access, identity lifecycle management, and integration within hybrid Active Directory environments.
• Experience with enterprise email security, endpoint protection, network security, data protection.
• Experience implementing and managing Microsoft Purview for data protection, governance, and compliance.
• Experience supporting third-party risk management or vendor assessments.
• Strong understanding of identity, endpoint, and network security architectures and their integration across enterprise environments.
• Experience performing root cause analysis during and after security incidents.
• Experience developing or contributing to security documentation such as policies, standards, or procedures.
• Strong communication skills across technical and non-technical audiences.
• Experience in manufacturing or industrial environments.
• Familiarity with OT/ICS security principles, including network segmentation, asset visibility, and industrial protocol security.
  
  

Valued But Not Required Skills And Experience

• Professional certifications such as CISSP, CISM, CRISC, or equivalent.
• Understanding secure application deployment or DevSecOps principles.
  
  

Physical Requirements

While performing duties of job, employee is occasionally required to:

• Stand; walk; use hands and fingers to handle or feel objects; use a computer; and reach with hands and arms.
• Occasionally lift and/or move up to 20 pounds.
  
  

Benefits

• Paid Vacation
• 11 Paid Holidays
• Health, Dental & Vision eligibility from day one
• FSA/HSA
• 401K match
• EAP
• Maternity/Paternity Leave
  
  

Heaven Hill and its affiliates are committed to fostering a diverse workforce as an Equal Employment Opportunity company. We invite applications from candidates of all backgrounds, without regard to race, religion, color, sex, sexual orientation, natural origin, gender identity or expression, age, disability, veteran status, or any other legally prot ected characteristic.