Information Security Engineer
Remote, US
About Tides
Tides is a nonprofit and philanthropic organization committed to advancing social justice. We work across the social sector to shift power to communities of color and other groups historically denied power.
Centering equity and justice in everything we do, we collaborate in deep partnership with movement leaders, nonprofits, donors, foundations, and corporations to amplify the impact of their work by providing services like fiscal sponsorship, donor advised funds, grant making, and a variety of innovative solutions. Learn more at tides.org.
About the Role
The Information Security Engineer is responsible for designing, implementing, and maintaining security protocols, policies, and systems to protect the organization's information assets. This role involves collaborating with various departments to ensure the security of networks, applications, and data while responding to security incidents and conducting regular assessments to identify and mitigate risks.
What you will Do
Security Systems Management:
- Design, implement, and maintain security solutions such as firewalls, intrusion detection systems, VPNs, and antivirus software.
- Monitor security systems and networks for potential vulnerabilities and attacks.
- Maintain security of confidential and proprietary information.
Incident Response:
- Respond to security incidents, conduct thorough investigations, and implement corrective actions.
- Develop and maintain incident response plans and procedures.
Risk Assessment and Management:
- Perform regular security assessments and penetration tests to identify vulnerabilities.
- Develop and implement risk mitigation strategies to protect the organization's assets.
Compliance and Audit:
- Ensure compliance with relevant industry regulations and standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, etc.).
- Prepare and participate in security audits.
Policy and Procedure Development:
- Develop, update, and enforce security policies, procedures, and guidelines.
- Conduct security awareness training for employees.
Collaboration and Communication:
- Work with IT and other departments to ensure security measures are integrated into all aspects of the organization.
- Communicate security issues and solutions to management and stakeholders.
Threat Intelligence and Vulnerability Management:
- Stay up-to-date with the latest threat intelligence, security patches, and advisories.
- Manage vulnerability scanning and patch management processes.
What you will Bring
- In-depth understanding of information security principles and best practices
- Proficiency in security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, encryption)
- Understanding of network security protocols and architecture
- Familiarity with security features and vulnerabilities of various operating systems (Windows, Linux, MacOS)
- Knowledge of regulatory and compliance standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA)
- Understanding of incident response processes and procedures
- Awareness of current cybersecurity threats, attack vectors, and threat intelligence
- Ability to develop and implement risk assessment and mitigation strategies
- Strong analytical skills for risk assessment, vulnerability analysis, and incident response
- Proficiency in scripting and automation (Python, PowerShell, Bash)
- Excellent verbal and written communication skills
- Strong project management and organizational skills
- Attention to detail to identify and address security vulnerabilities and risks
- Critical thinking and decision-making skills, especially under pressure
- Ability to work effectively with cross-functional teams and promote a security-conscious culture
- Adaptability to evolving cybersecurity threats and technologies
- Capability to respond promptly and effectively to security incidents
Ideal Experience
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 3-5 years of experience in an information security engineering or a related field.
- Certifications such as Certified Information Systems Security Professional (CISSP) or CompTIA Security+, CEH are highly desirable.
Compensation
Tides is committed to providing a competitive compensation package. We value pay equity and account for factors such as your location within the U.S., your skills and your relevant experience, and we will not ask for your salary history.
Your starting salary will fall into one of three ranges:
● $95,300 - $119,100 (Most of the United States)
● $103,900 - $129,900 (Chicago, Los Angeles, Washington D.C. metro areas)
● $114,400 - $143,000 (New York City & San Francisco metro areas)
Please note, these metro areas are examples and not a complete list. Our Talent Acquisition team will review your application and confirm your placement within this structure with you at the beginning of the interview process.
Application Instructions
Please submit your resume and a cover letter expressing why you are well-qualified for this role and your motivation for joining the team at Tides by Friday, November 15, 2024 at 11:59pm
Life at Tides
Working at Tides connects you with world-class teammates, enduring relationships, and an inspired sense of purpose - while our employee benefits support our team’s talent and well-being. Our hybrid work model supports staff who are based across the United States, in addition to maintaining our offices in New York & San Francisco.
Equal Employment Opportunity
We look forward to reviewing applications from all qualified jobseekers. We strongly encourage applications from women, people of color, and bilingual and bicultural individuals, as well as members of the LGBTQIA+ communities. No applicant will be discriminated against because of their race, religion, sex, national origin, ethnicity, age, disability, political affiliation, sexual orientation, gender identity, color, marital status, or medical condition including acquired immune deficiency syndrome (AIDS) and AIDS-related conditions. Pursuant to the San Francisco Fair Chance Ordinance, we encourage and will consider qualified applicants with arrest and conviction records. Where required by state law, we utilize E-Verify as a part of our employment authorization process.
Applicants with Disabilities
Reasonable accommodations will be made so that all who are interested may participate in our interview process. If you are in need of an accommodation, please advise in writing at the time you apply.
ApplyJob Profile
Competitive compensation Pay equity
Tasks- Collaborate with departments
- Communication
- Conduct risk assessments
- Conduct training
- Design security solutions
- Develop policies
- Ensure compliance
- Monitor security systems
- Project management
- Respond to incidents
Adaptability Analysis Analytical Antivirus Software Bash CIS Controls Collaboration Communication Compliance Critical thinking Encryption Firewalls GDPR HIPAA IDS/IPS Incident Response Information security Intrusion detection systems ISO 27001 Linux MacOS Network security NIST Cybersecurity Framework Pay equity PowerShell Project Management Python Risk Assessment Security audits Security Awareness Training Security policies Security protocols SIEM Threat Intelligence VPNs Vulnerability Management Windows
Education TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9