Benefits Data Trust (BDT) seeks a Security Engineer as part of our Site Reliability Engineering team (SRE). The Security Engineer plays a vital role in assuring both internal and external stakeholders that our sensitive data and systems are protected and secured. The Security Engineer will design and implement security improvements for our hybrid environment. The Security Engineer will work in close collaboration with our cloud architecture and platform development teams to create and enforce best security practices. Additionally, the Security Engineer will ensure that BDT follows all SOC II protocols. The Security Engineer will collaborate with other departments to ensure SOC II compliance at an organization level. The Security Engineer is also expected to monitor security measures for the continued protection of our systems.
The Security Engineer reports to the Cloud Architect.
- Strong understanding of securing cloud environments by applying best practices
- Drive infrastructure security initiatives while partnering with other engineering teams
- Participate in technical meetings to review and enforce compliance with BDT security; standards based on SOC II principles
- Identify common infrastructure security vulnerabilities and resolve them
- Perform security analysis and privacy analysis audits of all BDT equipment, public-facing services, private-facing services, and vendor-hosted services using both automated and manual means
- Participate in design reviews with perspective on security
- Improve and enhance existing monitoring and alerting services
- Conducting proactive research to analyses security weaknesses and recommend appropriate strategies
- Articulate and prioritize security risks
- Host education sessions with the engineering team to establish and nurture security best practices
- Review and formulate responses to state, partner, and auditor requests with regards to information security
- Expertise across a variety of security products including firewalls, URL filtering, information security and virus protection
- Outstanding communication skills that go beyond “tech talk” – the ability to translate complex IT matters to those without an IT background
- Expertise with mobile code, malicious code, and anti-virus software
- Ability to build automated tools to solve technical challenges in order to prevent having to solve problems manually
- 3-5 years of:
- Linux administration experience;
- Strong experience with cloud and containerization;
- 3-5 years of experience with CI/CD;
- 3-5 years of experience utilizing automation services and tools
- Experience with vulnerability scanners
- Strong time management and organizational skills
- Application and hardware monitorin
- Knowledge of SOC II principles
- Incident response and post-mortem analysis
- A strong documentation mindset
- The business acumen to provide cost-effective security solutions
- Ability and interest to script, write small applications, and learn new technologies
- A commitment to continued professional development and technical skills improvement
Benefits Data Trust (BDT) is a national nonprofit that helps people live healthier, more independent lives by creating smarter ways to access essential benefits and services. Each year, BDT helps tens of thousands of people receive critical supports using data, technology, targeted outreach, and policy change. Since inception in 2005, BDT has submitted over 800,000 applications – more than any other single entity in the country – securing over $7 billion in benefits and services. BDT employs more than 170 people and provides enrollment assistance to individuals in six states, and policy assistance to states nationwide. For more information, visit bdtrust.org.
To apply for this position, click here.