Information Security Engineer

About Tides

Tides is a nonprofit and philanthropic organization committed to advancing social justice. We work across the social sector to shift power to communities of color and other groups historically denied power.

Centering equity and justice in everything we do, we collaborate in deep partnership with movement leaders, nonprofits, donors, foundations, and corporations to amplify the impact of their work by providing services like fiscal sponsorship, donor advised funds, grant making, and a variety of innovative solutions. Learn more at tides.org.

About the Role

The Information Security Engineer is responsible for designing, implementing, and maintaining security protocols, policies, and systems to protect the organization's information assets. This role involves collaborating with various departments to ensure the security of networks, applications, and data while responding to security incidents and conducting regular assessments to identify and mitigate risks.

What you will Do

Security Systems Management:

• Design, implement, and maintain security solutions such as firewalls, intrusion detection systems, VPNs, and antivirus software.
• Monitor security systems and networks for potential vulnerabilities and attacks.
• Maintain security of confidential and proprietary information.

Incident Response:

• Respond to security incidents, conduct thorough investigations, and implement corrective actions.
• Develop and maintain incident response plans and procedures.

Risk Assessment and Management:

• Perform regular security assessments and penetration tests to identify vulnerabilities.
• Develop and implement risk mitigation strategies to protect the organization's assets.

Compliance and Audit:

• Ensure compliance with relevant industry regulations and standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, etc.).
• Prepare and participate in security audits.

Policy and Procedure Development:

• Develop, update, and enforce security policies, procedures, and guidelines.
• Conduct security awareness training for employees.

Collaboration and Communication:

• Work with IT and other departments to ensure security measures are integrated into all aspects of the organization.
• Communicate security issues and solutions to management and stakeholders.

Threat Intelligence and Vulnerability Management:

• Stay up-to-date with the latest threat intelligence, security patches, and advisories.
• Manage vulnerability scanning and patch management processes.

What you will Bring

• In-depth understanding of information security principles and best practices
• Proficiency in security technologies and tools (e.g., SIEM, IDS/IPS, firewalls, encryption)
• Understanding of network security protocols and architecture
• Familiarity with security features and vulnerabilities of various operating systems (Windows, Linux, MacOS)
• Knowledge of regulatory and compliance standards (e.g., CIS Top Controls, NIST Cybersecurity Framework, ISO 27001, GDPR, HIPAA)
• Understanding of incident response processes and procedures
• Awareness of current cybersecurity threats, attack vectors, and threat intelligence
• Ability to develop and implement risk assessment and mitigation strategies
• Strong analytical skills for risk assessment, vulnerability analysis, and incident response
• Proficiency in scripting and automation (Python, PowerShell, Bash)
• Excellent verbal and written communication skills
• Strong project management and organizational skills
• Attention to detail to identify and address security vulnerabilities and risks
• Critical thinking and decision-making skills, especially under pressure
• Ability to work effectively with cross-functional teams and promote a security-conscious culture
• Adaptability to evolving cybersecurity threats and technologies
• Capability to respond promptly and effectively to security incidents

Ideal Experience

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 3-5 years of experience in an information security engineering or a related field.
• Certifications such as Certified Information Systems Security Professional (CISSP) or CompTIA Security+, CEH are highly desirable.

Compensation

Tides is committed to providing a competitive compensation package. We value pay equity and account for factors such as your location within the U.S., your skills and your relevant experience, and we will not ask for your salary history.

Your starting salary will fall into one of three ranges:

• $95,300 - $119,100 (Most of the United States)
• $103,900 - $129,900 (Chicago, Los Angeles, Washington D.C. metro areas)
• $114,400 - $143,000 (New York City & San Francisco metro areas)

Please note, these metro areas are examples and not a complete list. Our Talent Acquisition team will review your application and confirm your placement within this structure with you at the beginning of the interview process.

Application Instructions

Please submit your resume and a cover letter expressing why you are well-qualified for this role and your motivation for joining the team at Tides by Friday, November 15, 2024 at 11:59pm

Life at Tides

Working at Tides connects you with world-class teammates, enduring relationships, and an inspired sense of purpose - while our employee benefits support our team’s talent and well-being. Our hybrid work model supports staff who are based across the United States, in addition to maintaining our offices in New York & San Francisco.

Equal Employment Opportunity

We look forward to reviewing applications from all qualified jobseekers. We strongly encourage applications from women, people of color, and bilingual and bicultural individuals, as well as members of the LGBTQIA+ communities. No applicant will be discriminated against because of their race, religion, sex, national origin, ethnicity, age, disability, political affiliation, sexual orientation, gender identity, color, marital status, or medical condition including acquired immune deficiency syndrome (AIDS) and AIDS-related conditions. Pursuant to the San Francisco Fair Chance Ordinance, we encourage and will consider qualified applicants with arrest and conviction records. Where required by state law, we utilize E-Verify as a part of our employment authorization process.

Applicants with Disabilities

Reasonable accommodations will be made so that all who are interested may participate in our interview process. If you are in need of an accommodation, please advise in writing at the time you apply.