Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

Summary

Do you love to stay up to date on the latest information security attacks, trends, and news? Are you detail oriented, passionate, and committed to continual development? Do you enjoy improving technical controls and processes to ensure system integrity is maintained while keeping end users, applications, and data safe? If so, please read on!

What You'll Do

• Report directly to the Director of Cybersecurity.

• Research, evaluate, and recommend information-security-related controls on systems and network device hardening practices and then play an advisory role in IT projects to assess security requirements and controls and to ensure that security controls are implemented as planned.

• Develop and maintain network architecture and diagrams to support security and business operations.

• Own the Vulnerability management solutions to validate systems are meeting industry hardening benchmarks such as CIS, with continuous tuning, ongoing integration, feature expansion, reporting, validation, and monitoring of endpoint security controls and vulnerability management solutions.

• Familiarity with security frameworks and best practices (e.g. ITIL, NIST Cybersecurity Framework, MITRE ATT&CK, etc.).

• Serve as a primary internal threat investigator, using an array of tools and capabilities to investigate internal threat cases.

• Assist in the performance of periodic data security audits, risk assessments control validation, and remediation while ensuring adequate and effective controls and associated policies exist to meet current and future security compliance requirements around legal and regulatory requirements that apply to the company.

• Research and test group policy configuration changes to ensure baseline security standards are met while limiting impact to the system and end-user performance and functionality.

• Perform installation and configuration management of security systems and applications, including policy assessment and compliance tools, network security and host-based security systems.

• Create Incident Response (IR) plans, IR playbooks and assist with incident response activities.

Requirements

• 3-5 years of experience in a technical role (system administrator, programmer, etc.) required, preferably in a fast-paced and constantly changing environment with 2-3 years of experience with SIEM, IDS/IPS, vulnerability management, incident response, threat intelligence.

• Knowledge of vulnerability management strategies, standards, procedures, and technologies across infrastructure- and application-level vulnerabilities.

• Experience with information security frameworks & controls. Knowledge of NIST, ISO, SOC 2, PCI, and/or CIS Controls.

• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

• You demonstrate excellent and pragmatic judgement in prioritizing security efforts to mitigate the appropriate risks.

What sets you apart

• Experience with and knowledge of securing cloud services such as those built on AWS and/or Azure

• M&A (Mergers and Acquisitions) assessment and IT security gap analysis experience is a plus.

• Well-versed in deploying native and third-party technologies to secure endpoint platforms and workloads from on-prem to remote to the cloud.

Our Culture:

Our team is made up of industry experts and advocates who are 100% committed to supporting the doers of social good. We are currently undergoing an effort to create the vision and values that embody our collective organization and embrace the individuals who make up our community.

Our comprehensive and competitive benefits include:

• Generous Flexible Time Off (FTO) Policy

• Equity for ALL regular, full-time employees from individual contributors to management - share in our success!

• Up to 15 paid company holidays including some commemorating social justice events and self-care

• Paid volunteer time

• Resources for savings and investments

• Paid parental leave

• Paid sick leave

• Health, vision, dental, and life insurance with additional access to health and wellness programs.

• Opportunities to learn, develop, network, and connect

We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.