All Boston Mutual employees who interact with our policyholders, our producers, and our BML associates embrace the principles of our brand and service philosophy. We are all brand ambassadors. Both our words and our behaviors matter. We share a common service philosophy and pride ourselves in living the BML brand promises every day, one interaction at a time. The following statements represent what Boston Mutual stands **_“FOR”_** – it is what makes us **_different_** and **_better_** in the market we serve. + We are **_FOR_** being a progressive life insurance company dedicated to offering financial peace of mind to working Americans and their families. + We are **_FOR_** providing practical and affordable products designed for those we serve. + We are **_FOR_** making it easy to secure a level of financial protection with a portfolio of products – beginning with life insurance – via enrollment and billing options at the workplace. + We are **_FOR_** providing a personalized customer experience to our policyholders and producers. + We are **_FOR_** acting in the best interests of our policyholders, producers, employees and the communities in which we live and serve – representing the goodness of mutuality in all we do. We do our best to: + Demonstrate a desire to assist + Listen for understanding and respond empathetically + Explain things in a manner that is easy to understand + Be knowledgeable students of our business + Take full ownership to resolve questions and issues + Be professional, polite and courteous + Leave our customers and associates “better than where we found them” **Summary of Position** The Security Engineer reports directly to the Cyber Security Manager. The Cyber Security Engineer is responsible for working with their Cyber Security Teammates to assess, monitor, and execute security measures to help protect Boston Mutual from security breaches and attacks on its computer network systems at an enterprise level. They will be responsible for ensuring that all technology platforms and applications are well protected and updated with the latest safeguards. The Security teammates will also be responsible for completing various tests, researching latest attacks, testing new software, understanding regulatory cyber-security changes and implementing appropriate cyber control processes, tools and enhancements to ensure compliance with those regulations, and any other processes to ensure the network’s security. The Cyber Security team is responsible for operating, securing and the compliance of technology platforms and applications for the enterprise – including Cloud and on-premise environments. The Cyber Security engineer is expected to complete all Cyber Security responsibilities which include but are not limited to:  Designing and implementing security measures that meet business needs and align with industry best practices.  Creating security policies, procedures, and plans to safeguard data and systems from cyberattacks.  Actively monitoring networks for potential vulnerabilities, threats, and breaches leveraging internal tools and external partnerships (like SolarWinds and Rapid7 MTC) – and then effectively responding to threats and vulnerabilities as they are identified.  Performing risk assessments to identify potential security threats in an organization’s computing environment.  Conducting security audits to identify potential vulnerabilities and test to simulate/test our processes on computer networks and applications.  Analyzing the impact of emerging technologies on existing security systems and identifying potential risks while leveraging these insights to develop recommendations on new security measures to strengthen existing security systems for the enterprise.  Developing Cyber roadmaps and managing projects to maintain and enhance Security related systems to protect the enterprise.  Installation, configuration and management of security systems and tools such as Proofpoint and Rapid7 MTC.  Develop and execute plans to remediate vulnerabilities that are found by various tools or audits, tools include Rapid7 and SolarWinds.  If anomaly or threats are detected in the environment, invoke decision making skills to mitigate risk and address vulnerabilities while alerting appropriate leadership to the issue.  Conducting a forensic analysis of cyber-attacks to determine the source of the attack and how to prevent similar attacks in the future.  Maintain and operate cyber systems to identify, detect, protect, respond, and recover from cyber threats and incidents.  Create and prepare regular cyber reports of current state, recommend remediation strategies, targeted metrics and solutions to maintain our infrastructure’s performance and security. Provides subject matter expertise and cyber security perspective in assisting in the development, implementation and testing of the enterprise disaster recovery and business continuity plan.  Research the latest cyber security trends and software to prevent current or upcoming threats  Maintain and approve/deny software to the “Approved Software List” and put process in place to make sure these are kept up-to-date.  Provide 2nd level support for the advanced troubleshooting of security tools and end-user issues and challenges, while mentoring teammates in Cyber security risks and tool advancements Qualifications & Knowledge Requirements Education:  Bachelor’s degree in computer science or related field or equivalent job experience. Experience:  Minimum 8 years of hands-on experience in Cyber security technology and infrastructure acquisition, deployment, and administration roles.  5+ years technical experience protecting and supporting Windows Server, VMWare and AWS/Azure environments and leveraging enterprise monitoring and measuring tools like SolarWinds, Proofpoint, Windows Defender, Rapid7 InsightVM and Cisco Umbrella.  Prior experience leading projects requiring design and integrations with 3rd party tools. Knowledge Requirements & Capabilities:  Demonstrated knowledge of cybersecurity best practices and multiple security technologies.  Basic knowledge of Control Frameworks (NIST 800-53, CIS Controls), Program Frameworks (NIST Cybersecurity Framework) and Risk Frameworks (NIS RMF) and supporting security controls and processes.  Ability to use a risk-based approach to prioritize and implement security controls. Ability to measure and monitor security controls and processes assessing maturity and effectiveness using industry standard frameworks (e.g. NIST CSF).  Effective interpersonal skills: active listener, ability to build relationships, develop trust, and influence change.  Strong time management skills (follow-up, follow-through, meeting deadlines).  Experience participating in and supporting a hybrid workforce (on-site, remote). **Additional Information** **Regular Working Conditions** _(Desk job with occasional walking, use of a computer with hand and finger motions, close and distance vision, minimal noise level and no exposure to weather conditions)_ Prolonged Standing Frequent Walking or Stooping Increased Noise Level Exposure to Weather Conditions Heavy Lifting Heavy Equipment/Machinery Operation Travel Required “On Call” Hours Required **Other Information:**