Senior Engineer, Information Security

Job Posting Organization:
The organization is the largest nonprofit dedicated to combating poverty, disease, and inequity globally. Founded on the principle that all individuals, regardless of their identity or circumstances, deserve the opportunity to lead healthy and productive lives, the foundation emphasizes the importance of diversity among its employees to reflect the global populations it serves. The organization offers a comprehensive benefits package that includes medical, dental, and vision coverage without premiums, generous paid time off, paid family leave, retirement contributions, regional holidays, and opportunities for employees to engage in various communities. The foundation is committed to fostering an environment that supports both personal and professional growth for its employees.

Job Overview:
The Senior Engineer role within the security" style="border-bottom: 1px dotted #007bff !important;">security" style="border-bottom: 1px dotted #007bff !important;">Information Security team is designed for an experienced and highly skilled individual who will work collaboratively across various teams to integrate security and business requirements. The primary focus will be on developing, prototyping, documenting, and communicating technical security controls that ensure effective security outcomes and risk management for the foundation and its affiliated entities. This role involves designing and implementing operational security practices that will be executed by implementation teams and service providers. The Senior Engineer will also play a crucial role in incident response and contribute to the continuous improvement of the foundation's global Information Security program. This position is an individual contributor role and reports directly to the director" style="border-bottom: 1px dotted #007bff !important;">Deputy Director of Information Security.

Duties and Responsibilities:
The Senior Engineer will participate in the Information Security design process with a focus on technical controls. Key responsibilities include collaborating with technology delivery teams to refine, prototype, and enhance technical security controls implemented across the technology environment. The role requires engaging with partners to align security measures with key business objectives and user personas. Additionally, the Senior Engineer will manage risk through the implementation and operation of design outputs, continuously improving the Information Security portfolio, which includes technology, services, and processes aimed at achieving core risk management objectives. The role also involves conducting Information Security incident investigations and responses, as well as communicating design philosophies, reference architectures, and use cases to ensure that technology partners and service providers are equipped to innovate and operate technical solutions safely. Furthermore, the Senior Engineer will partner with IT teams during solution design and operation to develop implementation steps for security configurations.

Required Qualifications:
Candidates must possess at least 5 years of experience in the Information Security field, with a minimum of 2 years leading Information Security incident investigations and responses. Additionally, candidates should have at least 3 years of experience with security preventative and detective controls, including endpoint protection, firewall policies, vulnerability management, SIEM, and the Microsoft Defender suite. Strong collaboration, interpersonal, communication, and facilitation skills are essential, along with the ability to present and influence diverse audiences. Familiarity with security and regulatory compliance standards and frameworks such as HIPAA, NIST CSF, ISO27001, and GDPR is required. Experience with controls configuration in common cloud environments (Azure, AWS) and knowledge of scripting and automation tools (Azure Sentinel and KQL, PowerShell, Python, Terraform, Ansible) are also necessary. Candidates should have experience with application containerization and orchestration (Docker, Kubernetes), source code management (Git, GitHub, GitLab), and CI/CD (GitLab CI, Jenkins, Drone, Azure DevOps). Proficiency in Microsoft Windows (server/desktop) and Linux (CentOS/Ubuntu/RedHat) is expected, along with knowledge of identity and access management best practices and related technologies (Active Directory, Azure AD, LDAP, SSO, MFA). Understanding of networking protocols and tools (TCP/IP, DNS, DHCP, SSL/TLS, VPN, VLAN, SSH, BGP, OSPF) and server virtualization technologies (VMware, Hyper-V, Nutanix, KVM) is also important. A strong understanding of authentication and authorization technologies and protocols, including SAML, OAuth, and Kerberos, is a plus.

Educational Background:
A Bachelor’s degree in Engineering, Math, Computer Science, or a related field is required, or equivalent working experience may be considered in lieu of a degree. Candidates must also be legally authorized to work in the United States without the need for visa sponsorship.

Experience:
The position requires a minimum of 5 years of experience in the Information Security domain, with at least 2 years specifically focused on leading incident investigations and responses. Candidates should have a robust background in implementing and managing security controls and practices across various environments, demonstrating a comprehensive understanding of the security landscape.

Languages:
While the job description does not specify mandatory languages, proficiency in English is implied as the primary language of communication within the organization. Additional language skills may be beneficial but are not explicitly required.

Additional Notes:
This is a limited-term position for 9 months, and relocation assistance will not be provided. The salary range for this role is between $154,200 and $231,400 USD, with specific adjustments for high-wage markets such as Seattle and Washington D.C., where the salary range is between $168,200 and $252,200 USD. The organization emphasizes a balance between competitive pay and its mission-driven focus. New hires typically start within the range minimum and midpoint, with actual placement depending on job-related skills, experience, and expertise as assessed during the interview process. Employment is contingent upon successful completion of a background check.