Cybersecurity Engineer I, Benchmarks (Cloud Systems) - Remote

Overview

The Benchmarks Cybersecurity Engineer (BMCE) is part of the Security Best Practices (SBP) department, which resides on the Benchmarks Development team (BMDT) and reports to the Director of Benchmarks. The Benchmarks Cybersecurity Engineer will work closely with other Benchmarks Cybersecurity Engineers (BMCEs) and support them in their development of Benchmark documents, Automated Assessment Content (AAC), and Build Kits to promote the CIS mission and help support our growth.

CIS Benchmarks are computer system configuration guidance standards that are used worldwide to secure systems ranging from handheld devices to workstations to servers to network devices. The BMCE should have familiarity with a variety of common technologies, be a knowledgeable generalist in cybersecurity issues, skilled in leading teams, passionate about our vision, work well with people, and be driven to deliver results.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

What You'll Do

• Under the technical supervision of more senior BMCEs, work with their technology communities to take on a variety of tasks including:
• • Complete an analysis of assigned technology releases (cloud services, operating systems, applications, etc.) for security relevant setting changes and additions
  • Test and document security relevant settings as official Benchmark recommendations
  • Setup virtual test environments
  • Test AAC with CIS tools (CIS-CAT) based on existing test plans to ensure proper operation and coverage
  • Report test results to a more senior BMCE for review
  • Assist in the development and testing of Build Kits that automatically apply Benchmark recommendations to a system (Ansible, Terraform, Group Policy Objects, Bash Scripts, etc.)
• Learn the overall Benchmark development process and community relations
• Occasionally stand-in for other BMCEs in some circumstances (lead community meetings, etc.)
• Other tasks and responsibilities as assigned

What You'll Need

• Associate's degree in Cybersecurity, Information Technology, Computer Science, or a related field*
• 2+ years of hands-on experience with public cloud administration and security (Azure, AWS, GCP, etc.)
• 1+ years of hands-on experience with testing software and/or system security configurations
• Experience with cybersecurity concepts and issues
• Experience with Agile methodologies
• Strong attention to detail
• Excellent verbal and written communication skills
• Must be authorized to work in the United States

It's a Plus if You Have:

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
• Security relevant cloud certification (CSA, SANS/GIAC, Azure, AWS, GCP, etc.)
• Experience working in a diverse geographically distributed community (open-source software development, standards development, etc.)
• Hands-on experience with multiple scripting languages such as Ansible, Terraform, Bash, PowerShell, Python, etc.
• Hands-on experience with logs, services, applications, and system updates
• Hands-on experience with Jira and Confluence

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.