How You’ll Contribute
The Security Engineer is responsible for the confidentiality, integrity, and availability of all systems owned or operated by the National Geographic Society. These responsibilities include Firewall/IDS/IPS, VPN, SIEM, antivirus/malware, SAST, DAST, vulnerability management, encryption, DLP, compliance, and cloud security in SaaS/PaaS/IaaS environments. Coordinates activities of managed security providers and cloud-based services, including threat intelligence, cloud application monitoring, and incident response.
Additional responsibilities include management of technical controls for compliance programs such as PCI-DSS and GDPR including routine environment audits, gap analysis and remediation, process documentation, and submission of completed documents to appropriate regulatory oversight organizations. Works closely with DevSecOps and DataOps teams on secure application, workflow design, and testing/hardening existing systems via penetration test exercises.
This position reports to the Senior Director, Infrastructure & Security.
Your Impact & Responsibilities
Applications Security (40%)
Implementation and management of on-premise and cloud/SaaS application security including application patching and hardening, access control and identity management, security assessments, and audits.
Understanding industry best practices with the OWASP Top 10.
Involved in risk and security assessments of new and existing applications developed by internal teams, third parties, or COTS providers.
Participation with product teams to understand desired application capabilities and testing scenarios, in addition to performing regular DAST and SAST scans. Report and track results to the appropriate DevOps or Product team.
Vulnerability Management & Incident Response (30%)
Administration and engineering of vulnerability management programs including scanning, patching/remediation, and penetration testing.
Experience using assessment tools such as Burp, ZAP, and Snyk, using Python scripting, and with ad-hoc computer emergency response and incident response teams, including tabletop exercises and disaster recovery testing.
Infrastructure Security (20%)
Administration and engineering of all network security hardware and software including firewalls, intrusion detection/prevention, information/event log management/analysis, antivirus/malware, and access control.
Testing and screening security software and monitoring networks and systems for security breaches or intrusions, system performance analysis, system instrumentation/management, and change management activities.
Privacy/Audit/Compliance (10%)
Engineering and management of encryption programs at both hardware and data layers including hard disk encryption, database/file/message encryption, key management, PKI, and certificate management.
Management of regulatory compliance programs including PCI-DSS, GDPR, all routine and ad-hoc activities related to system and data integrity.
Minimum Education Required
Bachelor’s degree in Computer Science or related discipline, or equivalent experience.
Minimum Years and Type of Experience
Minimum of three years of experience with security administration as well as the implementation of appropriate data/host-based security layers within a heterogeneous computing environment. Comfortable working in cloud-first / consumerized technology environments and integrating into enterprise security programs. Background with Linux and open-source tools, as well as active security community participation.
Necessary Knowledge and Skills Required
Strong experience with securing Amazon Web Services and Google Cloud Platform.
Solid experience with securing endpoint devices including Windows, Mac OS X, Chrome, iOS, Android as well as IoT, with broad knowledge of secure website code development/deployment including OWASP best practices, web SDLC and static/dynamic code scanning, data masking/obfuscation/tokenization, API, and encryption key handling.
Basic development or scripting experience and skills.
Ability to excel in a dynamic environment subject to changes in schedules and priorities while participating in multiple projects concurrently from inception to completion with limited management supervision.
Excellent oral and written communication skills in addition to interacting positively and productively with teams across organizational lines with exceptional customer service, troubleshooting and problem solving skills.
Familiarity with industry security practices, standards, and regulations such as ISO27001 and NIST.
Desired Qualifications:
Supervision:
None
Salary Information
The National Geographic Society offers a competitive and holistic total rewards package. Our compensation structure and transparent pay philosophy are based on industry-specific market data for similar-sized nonprofit organizations.
The salary range for this position accounts for a wide range of factors including but not limited to organizational need; specific skill sets; experience and training; certifications; and more. At the National Geographic Society, individuals are typically hired at or near the starting point of the salary range for their role, and compensation decisions are dependent on the facts and circumstances of each case.
The salary range for this position is $118,750.00 - $125,000.00. In addition, the National Geographic Society offers a competitive and comprehensive benefits package that includes, but is not limited to, medical, dental, and vision insurance; engaging and comprehensive wellness program; 401(k) retirement savings plan with matching contributions after 6 months of employment; flexible paid time off benefits with up to 22 days of paid annual leave per calendar year (15 days for new hires in their first year, prorated based on the number of pay periods remaining in the year) and 10 days of sick leave; 12 paid holidays and a paid winter break between December 25 and 31 (May not apply to all roles that are required to work during high volume seasons or essential workers. Please check with the hiring manager for confirmation.); paid parental leave, adoption and surrogacy expense reimbursement, fertility benefits; learning and development opportunities; Lifestyle Spending Account; pet adoption assistance and insurance; pre-tax transportation benefits with a generous employer subsidy; employer-paid life insurance and disability benefit; and a variety of National Geographic discounts and perks.
Job Designation
Remote - Our Remote designation includes staff who must work in another location in the U.S. or abroad, such as our regional leads for our Education and International teams or regional fundraisers in Advancement. Staff may also be designated as Remote by their supervisors (with approval by the Senior Team lead) because of their job duties, and are afforded this status when it is beneficial to NGS, their respective team, and the employee. Candidates must be legally authorized to work in the United States. This position is not eligible for visa sponsorship.
We encourage you to apply even if your experience is not a 100% match with the position. We are looking for someone with relevant skills and experience, not a checklist that exactly matches the job description. We want to help you grow and in return, you help us grow into a stronger, more inclusive organization.