IT Security Engineer at Thorn
Title: IT Security Engineer
Location: Remote (US based)
Thorn is a non-profit focused on building technology to defend children from sexual abuse. Working at Thorn gives you the opportunity to apply your skills, expertise, and passion to directly impact the lives of vulnerable and abused children. Our staff solves dynamic, quickly evolving problems with our network of partners from tech companies, NGOs, and law enforcement agencies. If you are able to bring clarity to complexity and lightness to heavy problems, you could be a great fit for our team.
Last year, we took the stage at TED and shared our audacious goal of eliminating child sexual abuse material from the internet.
What You’ll Do
This is a multi-faceted role that will require prioritizing the most important tasks on a day-to-day basis from the responsibilities below.
- You will administer authentication and access controls, including provisioning, changes, and de-provisioning of user and system accounts, security/access roles, and access permissions to information assets
- You will develop, implement, and maintain security policies and procedures to be used in managing Thorn’s internal systems and products to prevent the deliberate or accidental disclosure of data to unauthorized persons and to protect it from unauthorized modification.
- You will consult and interface with Thorn staff, vendors, and stakeholders (such as People Ops and Legal) to develop solutions to security issues while considering business requirements. You will analyze and recommend security controls and procedures for Thorn systems and products and monitor for compliance.
- You will prepare and conduct internal penetration and vulnerability assessments and forensic/security violation investigations, and recommend corrective action.
- You will engage and coordinate third-party risk and compliance assessments for Thorn’s internal compliance policies as well as compliance requirements related to Thorn’s customer contracts.
- You will stay current with cybersecurity trends, threat analysis, and the compliance environment with respect to organizational risk; you will advise organization management and develop and execute plans for compliance and mitigation of risk.
- You will establish Thorn’s IT disaster recovery strategy and own the ongoing testing of the disaster recovery plan
- You will monitor and analyze information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
- You will establish Thorn’s Information Security training program and knowledge sharing of best practices
- You will work with teams to evaluate options for new, third-party software from a security perspective. You will develop recommendations based on risk assessments.
- You will integrate new and existing software systems with Okta Single Sign-On and, for systems that cannot be integrated, document policies and access controls for future reference.
- You will respond to employee requests for help accessing and using Thorn information systems and write documentation to answer common user questions.
- You will perform administrative actions such as creating Google Shared Drives, email aliases, service tokens, etc. in a timely manner so as to unblock employee work.
- You will develop solutions whenever possible to allow employees to self-service their IT requests with proper audit trails.
- You will routinely audit access to systems and take corrective action.
- You will communicate IT changes to Thorn staff, including the considerations made for risk reduction and employee agency.
Technology Vendor Management:
- You will manage technology vendor relationships, renewals, and budget approvals, and work with Legal on contract approval for new vendors
What We’re Looking For
- You have a commitment to putting the children we serve at the center of everything you do
- You have experience managing and administering company-wide IT systems at a small fast-growing startup
- You believe in the right balance between maintaining secure systems and allowing for speed of development for engineers
- You have experience administering GSuite, Okta, and AWS
- You have experience with defining security programs and implementing them on teams
- You can work with shifting requirements in a fast-paced and fluid environment, and collaborate with both internal and external stakeholders
- You have a passion for information technology and security and an aptitude for working in a collaborative environment, and you can demonstrate empathy and strong advocacy for our users while balancing the vision and constraints of technology
- You communicate clearly, efficiently, and thoughtfully. We’re a highly distributed team, so written communication is crucial
Technologies We Use
- Docker / Kubernetes