Logo
BOSTON TRUST WALDEN COMPANY

Information Security Engineer

BOSTON TRUST WALDEN COMPANY, Boston, Massachusetts, us, 02298


Job DescriptionJob Description

Boston Trust Walden Company Overview

__

Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets.

Boston Trust Walden distinguishes itself in several key ways, including:

stable, diversified business model serving a variety of client types.

compelling investment philosophy and excellent track record.

longstanding leadership in ESG impact investing; and

corporate culture grounded in shared values, as signified by the company’s tagline,

Principled Investing.

Located in the heart of Boston at One Beacon Street, Boston Trust Walden employs fewer than 100 individuals. Boston Trust Walden’s structure as an independent, employee-owned firm enables the firm to make business decisions that align with clients and employees for long-term success. The firm’s structure and size help cultivate a collegial work environment where employees have ownership of their work, contribute to positive client outcomes, and are rewarded for their efforts.

One of Boston Trust Walden’s strategic priorities is to foster a positive workplace; this includes a commitment to diversity, equity, and inclusion. The firm believes this commitment is not only the right thing to do but also a matter of good governance and a critical component of long-term business success. When DEI values are infused into the workplace environment, the company and its employee’s benefit. The firm is committed to taking meaningful steps to advance racial, ethnic, and gender equity in its workplace through retention, education, and recruitment initiatives.

Boston Trust Walden Company is an Equal Opportunity Employer. Boston Trust Walden is committed to supporting equal employment opportunity and to promoting a workplace free of discrimination with regard to race, color, religious creed, national origin, genetic information, ancestry, sex, age, sexual orientation, gender identity, gender expression, physical or mental disability, parental status, marital status, veteran/US military status, pregnancy, citizenship status, or other legally protected status.

The firm will make reasonable accommodations in the application process if requested by new job applicants.

Position: Information Security Engineer

Job Summary

Boston Trust Walden seeks a talented and experienced Information Security Engineer to join our Information Technology team. This role is critical for managing and enhancing the firm's technical security infrastructure and ensuring a robust cybersecurity posture. The ideal candidate will be passionate about information security and possess a deep understanding of information security principles, advanced cybersecurity methods, and innovative technological solutions to effectively manage daily security operations, develop and implement security policies, and respond to security incidents.

To be successful in this role, you should have excellent problem-solving skills and a solid understanding of cloud, on-premises, and application security technologies. You should also be adept at proactively identifying and resolving incidents, providing suggestions and solutions to enhance the security environment, working independently, and collaborating within a team environment.

Key Responsibilities:

Collaborate with Information Technology, Risk Management, and Compliance to analyze and strengthen security controls and implement comprehensive security requirements.

Lead the implementation, documentation, and maintenance of information security policies, standards, procedures, and controls.

Investigate security incidents, perform root cause analysis to identify indicators of compromise, and maintain documentation for corrective actions and improvements.

Oversee third-party providers to enhance security controls and procedures.

Manage the vulnerability lifecycle from identification to resolution and collaborate with IT teams to maintain secure baseline configurations.

Manage security controls such as network and host intrusion detection/protection systems (IDS/IPS), identity access management systems (SSO, IdP), firewalls, security incident and event management systems (SIEM), mobile device management (MDM) systems, data classification and loss prevention systems (DLP), secure email gateways, and proxy systems.

Monitor and analyze event logging across the organization, ensuring proper alerting is in place, reducing false positives, and identifying and correcting false negatives.

Identify and address gaps in security controls and remedy documented control weaknesses. Collaborate with the business to ensure the information security program is properly implemented.

Conduct information security reviews of external systems containing or utilizing firm or client NPPI.

Stay current with the latest security technologies, trends, vulnerabilities, and emerging threats, providing expert guidance to stakeholders.

Education

& Experience:

Bachelor’s degree or higher in computer science, information security, or related fields.

Over 5 years in a dedicated security role, demonstrating increased responsibilities.

Experience in Information Security domains such as Information Security Governance, Compliance, and Regulations, as well as knowledge of frameworks like CIS, NIST, ISO 27001, and SOC reports.

Professional certifications such as CISSP/CCSP, CySA+/CASP+, Security+, or GIAC are highly preferred.

Specialized Skills:

In-depth understanding of computing environments, including virtualization, cloud technologies, networks and protocols, data loss prevention, identity access management, multi-factor authentication, public key infrastructure and cryptography, intrusion detection, firewalls, mobile device management, proxies, vulnerability assessment tools, and incident response.

Critical thinker with analytical problem-solving skills, capable of assessing complex security issues and recommending practical solutions for the business.

Organized and detail-oriented, capable of independently producing documentation, communicating effectively, and fostering cross-functional team collaboration.

Solid project management skills (organizing, planning, reporting, documenting, driving tasks to closure, etc.).

Excellent communication and interpersonal skills with business partners and key stakeholders are critical for this role.

Comfortable working in a fast-paced and small company culture environment and managing various tasks.