Job Description
Role: Security Engineer
Location: This role will be remote in the continental United States, Alaska, or Hawaii
Reports to: Director of IT and Security
Classification: Exempt Full Time
Union Role? No
Salary Range: $100,000-140,000
Summary:
This role will oversee the security of The Trevor Project’s systems, data, and other digital assets. This role is a direct contributor to the overall organizational Information Security Program and supporter of the security strategy plan. The first 2 project priorities this role is responsible for are our Data Governance (Retention and Destruction) policy implementation, and Security Compliance implementation (ISO27001, SOC 2 type I/II). This role will also ensure continued compliance with new security frameworks, and drive initiatives that keep all data secure and governed. You will monitor our cloud-based systems for security issues, deploy security tools and platforms, support our security strategy in coordination with Technology Leadership, manage the Security Awareness Training Program, and investigate and document any security issues or breaches.
Roles and Responsibilities:
- Monitor cloud-based systems for security issues.
- Ensure the secure handling and protection of highly confidential and sensitive data across IT systems and infrastructure.
- Investigate security breaches and other cybersecurity incidents, identify and implement remediations, and report on the findings.
- Deploy security tools and platforms to protect systems and information infrastructure, including (but not limited to) SIEM, Security Awareness Training, Vulnerability Monitoring, and Automated Detection and Response tools.
- Work with security vendors to perform tests and uncover network vulnerabilities, and to determine and implement appropriate remediations.
- Stay current on IT security trends and news.
- Develop company-wide best practices for IT security.
- From ground zero, research, plan, and implement policies and processes that will achieve common Cybersecurity compliances (SOC 2 type I/II, ISO27001, CCPA, etc.).
- Evaluate potential additions to the organizational software portfolio for security risk and mitigation
- Evaluate proposed projects, changes, or data use cases for security risk and mitigation
- Demonstrate fair, ethical, and equitable business practices
- Handle sensitive and confidential matters with the utmost discretion and integrity
- Learn eagerly, share knowledge appropriately, and improve continuously
- Demonstrate successful planning and problem-solving skills, including multitasking and working well within tight timelines
- Work, communicate, and collaborate effectively with others
- Demonstrate attention to detail and accuracy in all work
- Demonstrate a commitment to fostering and maintaining an environment of belonging
- Other relevant duties and responsibilities as assigned
Minimum Qualifications:
- 5 or more years of combined education, work, and/or certification experience with demonstrated expertise in Information Security planning, implementation, and maintenance.
- Proficiency in:
  - Implementing SOC 2/ISO27001, or other security compliance frameworks.
  - Developing and maintaining technical processes for data governance, retention, and deletion in a cloud environment (GCP/AWS/Azure)
  - Security Awareness Training Program Management
  - Automated Threat Detection, Response, and Remediation Programs
  - Security Audit and Investigation process
  - Asset Management Lifecycle
  - Data Management Lifecycle
  - Vulnerability Assessment and Management
  - Threat Intelligence and Management
  - Business Continuity and Disaster Recovery
- Proficiency in spoken and written English