Senior Security Engineer

Great Minds, a rapidly growing, mission driven Public Benefits Corporation (PBC) that develops high quality knowledge building curricula for grades PK-12, seeks a Senior Security Engineer to join our growing team.

Company Profile
Great Minds brings teachers and scholars together to craft exemplary instructional materials that inspire joy in teaching and learning. Our curricula, Wit & Wisdom®; Geodes; Eureka Math™; and PhD Science™ all support teachers as they take students beyond rote learning to provide a deeper, more complete understanding of the humanities, mathematics, and sciences. Founded in 2007, Great Minds now employs more than 1,100 people.

For additional information please visit: www.greatminds.org

Our Market Position
Great Minds’ Eureka Math™ is the most widely used curriculum in the history of American education. It enjoys an unrivaled 40+ net promoter score. Eureka Math™ and its sister products, Wit & Wisdom® and PhD Science™, embrace much higher expectations for all students and all teachers. In a market dominated by scripted, procedural materials that drive expectations down, Great Minds produces curricula that celebrate knowledge, respect the craft of teaching, and acknowledge the true capabilities of students.

Role Overview

Reporting to the IT Security Lead, the Senior Security Engineer will focus on corporate security infrastructure and security processes and procedures (endpoint management, intrusion prevention, disaster recovery, policies and plans). This role will establish security capabilities within the organization and drive improvements in the company’s security posture. This role will also act as an escalation point for security events and may act as a resource on corporate technology projects.

Specific Responsibilities

• Prepare and update IT Security documentation (policies, procedures, response plans, etc.).
• Administer security tools (Okta, Mimecast, Zscaler, etc.).
• Collaborate with the full IT Security team as well as application administrators, vendors, and business stakeholders, as appropriate, on the operational aspects of technical solutions.
• Analyze security compliance requirements for new system features and proactively identify potential security issues.
• Work cross-functionally with the Product and Engineering teams to ensure security vulnerabilities are properly understood and prioritized, and remediation plans are developed to address and remediate the risk in a timely manner.
• Provide project management for small security projects and participates in IT projects.
• Recommend security process changes or improvements.
• Identify and analyze potential security vulnerabilities and emerging threats and implement remediation.
• Develop, monitor, and assess our data, tech tools, and network security implementations.
• Provide project management for small/medium security projects and participate in IT projects.
• Lead the Cybersecurity Incident Response investigation request and handle escalations for active incidents.
• Develops and publishes metrics, reports, and/or dashboards demonstrating security posture and event activity.
• Configure, administer, and troubleshoot corporate security tools (DLP, IDS, SIEM, etc.)
• Evaluate and partner with vendors to implement security solutions
• Assist in major incident management and problem management processes
• Create configuration baselines, identify gaps, and create detailed recommendations
• Provide support for RFP review and responses related to IT security.
• Maintain awareness of external events to identify threats and opportunities for enhancement.
• Act as an escalation point for technical security matters.

Required Qualifications

• Minimum of 3 years of proven experience in Information Technology security work
• Minimum of 3 years of overall IT experience
• Demonstrated experience in application security, vulnerability assessments, penetration testing, and risk assessment activities across functional business areas and technology services
• Knowledge or experience penetration testing methods and tools such as Burp Suite, Metasploit, OWASP ZAP, nmap, Nessus, Rapid7, Kali Linux, and more
• Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST 800-171, CIS Benchmarks, and more to technical and non-technical staff, developers, system administrators, and management
• Experience with Microsoft AD, Azure AD, LDAP, and Mac security controls
• Experience managing Office 365 security controls (data loss prevention, encryption)
• Ability to work in and enjoy a fast-paced environment across organizational teams
• Ability to work flexible schedules to meet job requirements
• Ability to drive or fly to various office locations

Preferred Qualifications

• Experience with or knowledge of either application security or AWS infrastructure security
• Some audit and compliance (ISO-27000, NIST-800, SOC, PCI) efforts and understanding
• Technical Certifications, such as CISSP, ACSP, MCP, MCDT, MCITP/MCSA, A+, Network+, or Security+
• PowerShell, Bash, Python scripting, and coding abilities

Required Education:

• Bachelor's degree in Business, Information Technology, or a related field

Status:

• Full-time

Location:

• Washington, DC (Hybrid, in office 2-4 days per month)

New employees will be required to successfully complete a background check.

Any communication to applicants relating to the Great Minds hiring process will only come from email addresses with the domains greatminds.org or greatminds.recruitee.com. If in the course of the application or hiring process with Great Minds you are contacted through another domain, are requested to provide banking or other sensitive information, or you note any other suspicious activity, please contact security@greatminds.org

Great Minds is an equal opportunity employer. We will extend equal opportunity to all individuals without regard to race, religion, color, sex (including pregnancy, sexual orientation, and gender identity), national origin, disability, age, genetic information, or any other status protected under applicable federal, state, or local laws. Our policy reflects and affirms the organization’s commitment to the principles of fair employment and the elimination of all discriminatory practices.

#LI-Hybrid