Sr. Information Security Engineer
Company: Disability Solutions
Location: Seattle
Posted on: April 25, 2024
Job Description:
The FoundationWe are the largest nonprofit fighting poverty,
disease, and inequity around the world. Founded on a simple
premise: people everywhere, regardless of identity or
circumstances, should have the chance to live healthy, productive
lives. We believe our employees should reflect the rich diversity
of the global populations we aim to serve. We provide an
exceptional benefits package to employees and their families which
include comprehensive medical, dental, and vision coverage with no
premiums, generous paid time off, paid family leave,
foundation-paid retirement contribution, regional holidays, and
opportunities to engage in several employee communities. As a
workplace, we're committed to creating an environment for you to
thrive both personally and professionally.The TeamThe Global
Security (GS) team is part of the foundation's operations division.
We protect personnel, offices, information and the foundation's
reputation through our work on physical security and information
security.The Information Security team is seeking an experienced
and highly skilled individual for our Senior Engineer role. In this
role you will work across teams to combine security and business
requirements to develop, prototype, document, and communicate
technical security controls to ensure security outcomes and manage
risk at scale for our foundation and affiliated entities.
Additionally, you will design and implement operational security
practices performed by implementation teams and service providers
and serve as a partner and decision maker related to security
operations. Incident response will be a core component of this
position, playing the part of leader, investigator, and consulting
with service delivery teams on mitigation. This role is critical in
performing and contributing to the continuous improvement of the
foundation's global Information Security program. This is an
individual contributor role reporting to the Deputy Director,
Information Security.What You'll Do
- Perform Information Security incident investigation and
response.
- Ability to self-manage time and priorities in an environment
where projects or goals may be ambiguous.
- Participate in the Information Security design process focusing
on technical controls, including:
- In partnership with technology delivery teams, further refine,
prototype, and continuously improve technical security controls as
implemented across our technology environment.
- Engage with partners to drive secure outcomes for business
objectives.
- Discover, manage, and track security risk through the design,
implementation, and operation of security technologies.
- Continuously improve upon Information Security processes,
technology, and services to achieve our core risk management
objectives.
- Lead and perform vulnerability assessments using tailored
approaches to the environment or technology solution.
- Partner with IT teams during solution design and operation to
develop implementation steps for security configuration.
- Communicate our design philosophies, reference architectures,
and use cases to ensure our technology partners and service
providers have the knowledge they need to innovate and operate
technical solutions safely.Your Experience
- At least 5 years of experience in the Information Security
field.
- 3+ years of experience leading Information Security incident
investigation and response.
- 2+ years of experience with security preventative and detective
controls such as endpoint protection, firewall policies,
vulnerability management, SIEM, Microsoft Defender suite.
- Excellent collaboration, interpersonal, communication and
facilitation skills with ability to present and influence to
audiences of varying skill levels.
- Experience with the security incident response process.
- Experience with control configuration and security architecture
patterns in common cloud environments (Azure, AWS)
- Experience with scripting and automation tools knowledge:
PowerShell, Python, Bash, Terraform, Ansible or related.
- Experience with using a SIEM (Splunk, Sentinel, etc) to perform
analysis, threat hunting, and incident response.
- Experience with Microsoft Windows (server/desktop) and Linux
(CentOS/Ubuntu/RedHat).
- Experience with identity and access management technologies and
their usage in Enterprise environments (i.e., Active Directory,
Azure AD, LDAP, SSO, MFA and related technologies).
- Experience with networking concepts, protocols, and tools,
which may include firewalls, routing, TCP/IP, DNS, DHCP, SSL/TLS,
VPN, SSH.
- Familiarity with securing infrastructure using Infrastructure
as Code tools, such as Terraform, Ansible, Puppet, or Salt.
- Familiarity with vulnerability assessment tools, such as
Nessus, Rapid7, Metasploit, or nmap.
- Familiarity with source code management (Git, GitHub, GitLab)
and CI/CD (GitLab CI, Jenkins, Drone, Azure DevOps).
- Familiarity with security and regulatory compliance standards
and frameworks such as: HIPAA, NIST CSF, ISO27001, and GDPR.
- Familiarity with securing workloads using application
containerization and orchestration: Docker and Kubernetes or
related.
- Familiarity with server virtualization technologies: VMware,
Hyper-V, Nutanix, KVM, etc.
- Understanding of authentication and authorization technologies
and protocols including SAML, OAuth, and Kerberos.
- B.S. in Engineering, Math, Computer Science, or related field
or equivalent working experience* Must be able to legally work in
the country where this position is located without visa
sponsorship.* The salary range for this role is $151,200 to
$226,800 USD. We recognize high-wage market differences in Seattle
and Washington D.C., where our offices are located. The range for
this role in these locations is $164,700 to $247,100 USD. As a
mission-driven organization, we strive to balance competitive pay
with our mission. New hires salaries are typically between the
range minimum and the salary range midpoint. Actual placement in
the range will depend on a candidate's job-related skills,
experience, and expertise, as evaluated during the interview
process.Hiring RequirementsAs part of our standard hiring process
for new employees, employment will be contingent upon successful
completion of a background check.Candidate AccommodationsIf you
require assistance due to a disability in the application or
recruitment process, please submit a request .Inclusion StatementWe
are dedicated to the belief that all lives have equal value. We
strive for a global and cultural workplace that supports ever
greater diversity, equity, and inclusion - of voices, ideas, and
approaches - and we support this diversity through all our
employment practices.All applicants and employees who are drawn to
serve our mission will enjoy equality of opportunity and fair
treatment without regard to race, color, age, religion, pregnancy,
sex, sexual orientation, disability, gender identity, gender
expression, national origin, genetic information, veteran status,
marital status, and prior protected activity.
Keywords: Disability Solutions, Shoreline , Sr. Information Security Engineer, Engineering , Seattle, Washington
Didn't find what you're looking for? Search again!
Loading more jobs...