Logo
American Lebanese Syrian Associated Charities

Engineer, Information Security Job at American Lebanese Syrian Associated Charit

American Lebanese Syrian Associated Charities, Memphis, TN, United States


At ALSAC you do more than make a living; you make a difference. We like people who are different...because we're different, too. As one of the world's most iconic and respected nonprofits, we know what it's like to stand out. That's why we're looking at you. Your background, perspective, and desire to make an impact set you apart. As we work to help St. Jude cure childhood cancer, we're calling on the game-changers, innovators and visionaries to join our family. Not just for the kids of St. Jude, but also for you. Because at ALSAC, we develop and celebrate our employees. So, bring your whole, authentic self and become part of our shared mission: Finding cures. Saving children.® Job Description The Information Security Engineer is responsible for implementing, maintaining, monitoring, and managing secure solutions. This role ensures that these solutions align with the organization's architectural designs, best practices, and regulatory or compliance requirements. As risks evolve, the Information Security Engineer recommends modifications and enhancements to keep the organization ahead of the threat landscape. The Information Security Engineer reports to the Director of Information Security and contributes to the corporate security strategy alongside security leadership and other senior security technologists. Key Responsibilities: Implement, monitor, and provide operational support for hardware, software, customer applications, managed solutions, and service provider relationships. Lead and actively participate in security team meetings to facilitate secure design. Engage in information security projects to evaluate and enhance existing security infrastructure, delivering projects on time, within budget, and in accordance with SLAs. Assist with incident response and system stability issues, including after-hours involvement as needed. Implement solutions in compliance with HIPAA, GLBA, PCI, SOX, and privacy laws. Collaborate with architects, SOC, incident responders, and technology infrastructure and development teams. Respond to and manage service and escalation tickets within SLA expectations. Develop security test plans from architectural designs, identify deficiencies, and make enhancements to ensure production stability. Participate in change project and change management meetings. Research, validate, and deploy solutions that meet security and business needs. Follow security engineering fundamentals and processes as outlined in standard frameworks. Influence the planning and execution of incident response and postmortem exercises, focusing on measurable benchmarks. Drive security efficiencies, enabling team members to focus on advanced tasks. Conduct performance testing to stress the limitations of security solutions while ensuring business innovation and day-to-day processes are not negatively impacted. Qualifications: Bachelor's degree in Computer Science, Information Assurance, MIS, or related field, or equivalent experience. Certifications such as CISSP, CISM, and/or SANS are a plus. At least 7+ years of experience in cybersecurity, including compliance and risk management with a system and network security engineering background. Highly technical and analytical expertise, with a proven deep background (preferred 5+ years' ITS experience in addition to cybersecurity) in technology design, implementation, and delivery. Experience with purple teaming (red and blue) to train, identify, and remediate issues cohesively. Proficiency with the Rapid7 platform, including InsightIDR, InsightVM, InsightCloudSec, InsightAppSec, and InsightConnect. Experience in cloud computing technologies, including SaaS, IaaS, PaaS, and public, private, and hybrid environments. Extensive knowledge of traditional and modern security controls and technologies, such as SIEM systems, IDS/IPS, PKI, IDAM systems, antivirus, firewalls, EDR, threat intelligence platforms, security automation and orchestration, deception technologies, and application controls. Skilled in vulnerability and penetration testing. Excellent communication skills to articulate business risks from cybersecurity issues. Experience managing SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, FIM, DLP, and other network and system monitoring tools. Proven track record of integrity, pride in work, curiosity, adaptability, and effective communication. Experience with AWS or Microsoft Azure / M365 Purview. Proficiency in scripting languages such as Python, JavaScript, PowerShell, PHP, or Ruby. DevSecOps background with experience in compliance obligations. Familiarity with standards and regulations such as ISO 27001, NIST, PCI DSS, HIPAA, HITECH Act, SOX, GDPR, CIS standards, or SOC 2. Ability to think strategically and tactically, with effective decision-making skills. Benefits & Perks The following Benefits & Perks apply toFull-Time Roles Only We're dedicated to ensuring children and their families have every opportunity to enjoy life's special moments. We're also committed to giving our staff excellent benefits so they can do the same. Core Medical Coverage: (low cost low deductible Medical, Dental, and Vison Insurance plans) 401K Retirement Plan with 7% Employer Contribution Exceptional Paid Time Off Maternity / Paternity Leave Infertility Treatment Program Adoption Assistance Education Assistance Enterprise Learning and Development And more ALSAC is an equal employment opportunity employer. ALSAC does not discriminate against any individual with regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, transgender status, disability, veteran status, genetic information or other protected status. No Search Firms: ALSAC does not accept unsolicited assistance from search firms for employment opportunities. All resumes submitted by search firms to any ALSAC employee or ALSAC representative via email, the internet or in any form and/or method without being contacted and approved by our Employee Experience team and without a valid written search agreement in place will result in no fee being paid if a referred candidate is hired by ALSAC.