Details: Not Listed
The Cystic Fibrosis Foundation - the world's leader in the search for a cure for cystic fibrosis, and one of the most innovative and successful organizations of its kind - is seeking a Security Engineer at our National Headquarters in Bethesda, MD.
We are a nonprofit, donor-supported organization that has raised and invested hundreds of millions of dollars to help develop cystic fibrosis therapies that have changed the lives of people with this disease. Nearly every CF medicine available today was made possible because of Foundation support.
The Security Engineer will participate in the evaluation, development, and implementation of security tools, policies, and procedures for multiple platforms to protect the Foundation’s information assets. The Security Engineer will utilize their wide area of expertise in network, applications, access management, security frameworks, and other relevant areas to provide security support to the Foundation. The Security Engineer will maintain the security architecture of the Foundation.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Performs all assigned duties in compliance with internal policies, standard operating procedures, and external regulations.Raises compliance issues to the attention of management.
- Strives to provide excellent customer service to internal and external customers.
- Maintains good attendance and punctuality per Foundation policy.
- Responsible for supporting information security functions across the Foundation.
- Provides security best practices and guidance to Information Technology and Business teams for continuous process improvements.
- Researches and evaluates proposes solutions for adherence to Foundation policies, procedures, and regulatory requirements.
- Collaborates with IT Infrastructure & Operations team to reduce risk to information assets by recommending and/or implementing controls, e.g., encryption, access controls, patch and vulnerability management.
- Participates in incident response and investigations of suspecting security events, misuse, or compliance reviews.
- Provides security technology escalation support and remediates security issues.
- Determine application security requirements by evaluating business strategies and requirements, researching information security standards, conduct system security and vulnerability analyses and risk assessments, and identify integration issues.
- Performs assessments to ensure use of establishes security policies, practices, and expectations across all platforms, operating systems, and applications.
- Analyzes current attack trends, technologies, and methodologies, designing and implementing technical and process-oriented countermeasures.
- Assess emerging technologies against existing security architecture to determine where they address gaps, overlap with existing solutions, or enhance and extend capabilities.
- Participates in security audits, business continuity and disaster recovery exercises, incident response exercises, security reporting, and audit and compliance support.
- Collaborates with and manages external vendors engaged by the Foundation to augment existing security services and/or provide security services.
- Performs all other duties as assigned by management.
KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
- Bachelor’s degree in Computer Science or related discipline or an equivalent combination of education and work experience.
- Five (5) years of progressive experience in Information Technology related roles, including four (4) years of experience in Information Security, including firewall, intrusion detection/prevention systems, anti-malware products, forensics tools, data encryption, data loss prevention, virtual private networks (VPNs), vulnerability scanners, multiple operating systems (Windows, Linux, UNIX, etc.), and directory services (Active Directory, LDAP).
- Strong written and verbal communication skills, with the ability to communicate highly technical information in non-technical terms.
- Strong business analysis skills.
- Strong organizational skills.
- Strong troubleshooting and problem-solving skills.
- Proficiency with Microsoft Office—Excel, Outlook, PowerPoint and Word.
- Familiarity with various shells (PowerShell, bash), scripting methods, (Perl, Python, PowerShell, etc.), and SaaS applications (Azure, Office 365).
- Demonstrated understanding of software systems and development concepts, including access, authorization, configuration, design, test, and maintenance.
- Familiarity and understanding of various Information Technology and Information Security concepts and frameworks, e.g., ISO 27001, ITIL, NIST Cybersecurity Framework, COBIT, COSO.
- Ability to work effectively in a collaborative environment as well as work independently with minimal supervision.
- Reports to the Senior Director, IT Security.
Minimum Education Required