Overview The Salvation Army, an international movement, is an evangelical part of the universal Christian Church. Its message is based on the Bible. Its ministry is motivated by the love of God. Its mission is to preach the gospel of Jesus Christ and to meet human needs in His name without discrimination. We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services. The Information Security Engineer plays a crucial role within the IT and Security Department, and is responsible for designing, implementing, and maintaining security measures that protect the organization’s computer systems, networks, and data from cyber-attacks and/or unauthorized access of the organization’s data. This position is instrumental in supporting the Incident Manager, Information Security Director, and mentoring the Security Analysts. The engineer’s responsibilities include assisting in the developmentof organizational security policies and procedures. This position requires approximately 35 hours of work per week and may be eligible for a hybrid work arrangement. Responsibilities The core responsibilities of this position are as follows: • Design and Implement Network Security Processes o Implementation of firewalls, intrusion detection systems and other security measures to prevent unauthorized access to the network. o Identify security risks and develop strategies to mitigate these risks. o Remain abreast of all current security threats and ensure all security processes remain effective. • Monitor and Evaluate Network Security o Conduct regular security audits and vulnerability assessments to identify potential threats and vulnerabilities that could be exploited by malicious actors. o Monitor network traffic and analyze security logs using existing tools to detect suspicious activity and respond to security incidents managed by the Incident Manager in a timely and effective manner. o Assist in evaluation and implementation of additional security tools as needed and developing processes and procedures for their use. • Provide Technical Support o Provide technical support and guidance to other members of the organization. o Assist in training staff members on security best practices, troubleshooting security issues and responding to security incidents. technical support. o Ability to communicate complex technical information in a clear and concise manner. • Security Awareness and Training o Ensure that security awareness training focuses on application access best practices, password management, and recognizing phishing attempts and other social engineering tactics. o Assess the effectiveness of the training across the territory and create training sessions for employees across various departments (e.g., ARCC, Finance, CRD, HR) relevant to the sensitive data they handled, ensuring they understand their roles in maintaining cybersecurity. o Stay informed about new security awareness training methods and technologies to enhance the effectiveness of training programs. • Compliance and Best Practices Implementation o Ensure all cybersecurity policies, practices, and protocols adhere to relevant regulatory and compliance standards (e.g., NYSHIELD, GDPR, HIPAA, PCI-DSS). o Creating and updating security policies and procedures to align with best practices and ongoing compliance requirements. o Assist the Information Security Director by participating in internal and external audits, providing necessary documentation and evidence of compliance where warranted. • Threat Intelligence and Research o Actively follow cybersecurity news, trends, and threat intelligence reports to stay ahead of the organization's potential security threats. o Lead internal threat intelligence by analyzing and summarizing current threats, vulnerabilities, and attack methodologies. o Engage with cybersecurity communities and forums to exchange knowledge and stay informed about emerging cybersecurity technologies and practices. • Tools and Technologies Management o Assist in evaluating, selecting, and deploying cybersecurity tools and technologies that enhance the organization's security posture. o Ensure proper configuration, maintenance, and update of security tools to optimize their effectiveness and efficiency. Qualifications Bachelor's degree from four-year college or university. 3-5 years of related experience. • Cybersecurity training / certifications – CISSP, CISM, Security+, or equivalent is preferred. • Proficient in using SIEM systems, endpoint security solutions, and network monitoring tools. • Awareness of regulatory compliance standards relevant to cybersecurity (e.g., NYSHIELD, GDPR, HIPAA, PCI-DSS). • Excellent analytical and problem-solving skills. • Stays informed of trends in the industry through news and events (e.g., threat intelligence and reports, blogs and podcasts) • Demonstratable passion for the field of cybersecurity through consistent learning and engagement (e.g., TryHackMe, HackTheBox, Vulnhub, Cybrary, PortSwigger, maintaining cybersecurity certifications, etc.) • Strong communication and collaboration abilities across various levels and departments. What We Offer + Generous Medical, Dental, Vision Benefits + TSA paid Life Insurance for Employees + Additional life insurance options for employees + On-site cafeteria + Paid Time Off – Vacation, Sick, Personal day + 403(b) retirement savings plan + Non-contributory Pension Plan + Professional Development + Education Assistance + Free, on-site Fitness Center + Federal holidays + Opportunities to give back and support our communities All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, disability or protected veteran status. 　 Job LocationsUS-NY-West Nyack Job ID 2024-13291 Category Information Technology Compensation Min USD $100,000.00/Yr. Compensation Max USD $110,000.00/Yr. Type Regular Full-Time