Remote Hire, Remote, USA
38 days ago
Information Security Engineer
Overview Goldbelt Incorporated is an Alaska Native Corporation (ANC) headquartered in Juneau, Alaska, whose mission is to make a significant and positive difference in the lives of more than 4,200 Alaska Native shareholders. Alaska Native Corporations hold a distinct purpose and share a familiar creation story born in an act of Congress in 1971. Join a fast-growing “forever” company that manages over 30 subsidiaries and provides centers of excellence in a shared service center model based out of Herndon, Virginia. At Goldbelt, we place a strong emphasis on recognizing and rewarding the dedication and hard work of our team members in pursuit of our company's mission. We are a team focused on gold standard customer service and professional growth with competitive benefits and profit-sharing plans and help support a business model that gives back to the community of shareholders. Summary: Goldbelt Inc. is seeking a highly skilled and motivated Information Security Engineer to join our IT Security team. The successful candidate will play a critical role in safeguarding our organization’s information assets, designing robust security systems, and ensuring compliance with industry best practices and regulations. This role involves a mix of strategic planning, hands-on implementation, and ongoing management of security measures to protect our data and infrastructure. This is a remote position that requires working in the Herndon, VA office two days per week. Responsibilities Essential Job Functions: Design, implement, and maintain security systems, including firewalls, intrusion detection/prevention systems, and endpoint protection Develop and deploy network security measures such as VPNs, encryption, and secure access solutions Conduct regular vulnerability assessments and penetration testing to identify security risks Develop and implement strategies to mitigate identified vulnerabilities and ensure timely patch management Assist in investigations and response to security incidents, including forensic analysis, reporting, and remediation efforts Assist in developing and maintaining incident response plans and procedures Assist in ensuring compliance with relevant laws, regulations, and standards (NIST, GDPR, HIPAA, PCI-DSS) Conduct regular risk assessments and audits to evaluate the effectiveness of security measures Develop and maintain comprehensive System Security Plans (SSPs) and Plan of Action & Milestones (POA&M) to track and address security vulnerabilities and compliance issues Develop, implement, and enforce applicable security frameworks and standards, including NIST 800-171, ISO/IEC 20000/27001, and CMMC security controls Participate in the development and review of information system security policy and standards Support the development and maintenance of system asset lists, hardware, and software baselines Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments Verify and document the implementation of security controls necessary to achieve compliance Keep management apprised of impending areas of concern, verbally and in writing Assist in developing various policy documents (SOPs/CONOPs) as required, including policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Incident Response, Disaster Recovery, and Security Assessments Assist in maintaining and maturing existing information security and risk policies Initiate and lead ongoing information security maturity assessment processes and training Identify and report on key performance indicators for implemented security measures Maintain knowledge of the threat landscape by monitoring threat intelligence sources Develop, implement, and enforce security policies, procedures, and protocols Provide training and awareness programs to educate staff on security best practices and protocols Review logs of network traffic and system activity for signs of potential security breaches Analyze security logs and reports to identify trends, anomalies, and areas for improvement Work closely with IT operations to integrate security into system and software development processes Communicate security issues and recommendations to stakeholders, including Executives, IT staff, and end-users Qualifications Necessary Skills and Knowledge: Strong understanding of security controls, specifically NIST Documentation and generation of compliance artifacts Implementation of Identity Management and Conditional Access Policies Design and implementation of SIEM, preferably Microsoft Sentinel Strong understanding of Cyber Attack methods and preventative measures In-depth knowledge of mail flow (Exchange) Penetration testing of applications and infrastructure Understanding Business Challenges and the impact of implementing security policies Ability to embrace change, learn quickly, and thrive in a dynamic corporate environment Skill in working harmoniously within cross-functional teams to achieve common objectives Ability to prioritize tasks, manage multiple projects, and meet deadlines Possesses attention to detail and effective problem-solving skills Must have the ability to communicate effectively and diplomatically, both verbally and in writing, with co-workers and with outside agencies, partners, shareholders, and business associates Strong cultural awareness and sensitivity, with the ability to adapt messages and strategies for diverse audiences Basic understanding of relevant software, tools, and systems used in the corporate environment. This includes a proficiency in standard software applications, including Windows and MS Office Suite (Outlook, Word, PowerPoint, and Excel) Minimum Qualifications: Bachelor's degree in computer science, cyber security, or a related discipline, or equivalent experience Certified Information Systems Security Professional (CISSP) Minimum 4 – 5 years of experience in information security engineering or a related role Experience with security frameworks and standards Ability to travel up to 25% Ability to successfully pass a background check Preferred Qualifications: Certified CMMC Professional (CCP) Certified CMMC Assessor (CCA) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified Ethical Hacker (CEH) Previous experience working with Alaska Native Corporations (ANCs) and/or previous exposure to Alaska Native cultures Previous government contracting experience Certified CMMC Registered Practitioner (RP) The salary range for this position is $113,000 to $140,000 annually. Pay and Benefits At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. Our annual incentive compensation plan is designed to reward your contributions to Goldbelt's success. It's a profit-sharing initiative tied to our strategic objectives, demonstrating that your efforts directly impact our achievements. As an employee, you'll also enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.
Confirm your E-mail: Send Email