Information Security Engineer

About the Role

The Information Security Engineer is responsible for safeguarding ABCD’s systems, networks, and sensitive client and employee information across a 40+ site, multi-program environment. This role serves as ABCD’s primary internal cybersecurity subject matter expert. The Engineer leads security operations, incident response, risk management, and security program development while strengthening the organization’s overall cybersecurity maturity. The position combines hands‑on technical execution with practical governance and risk oversight to support mission‑critical community services.

Key Responsibilities

• Security Operations & Monitoring
  Monitor, investigate, and respond to security alerts across cloud and on‑premises systems. Maintain and improve detection rules, alerting, and response playbooks. Oversee log visibility and security monitoring across identity, endpoint, email, and network systems.

• Incident Response & Investigation
  Lead end‑to‑end incident response (phishing, malware, account compromise, data exposure, suspicious activity). Coordinate containment, eradication, recovery, documentation, and post‑incident reviews. Conduct periodic incident response exercises and ensure lessons learned result in strengthened controls. Escalate significant risk conditions to ITS leadership with clear remediation recommendations.

• Vulnerability & Risk Management
  Manage vulnerability scanning, remediation tracking, and risk prioritization. Partner with infrastructure and support teams to ensure timely patching and mitigation. Conduct risk assessments for new systems, integrations, and cloud services. Maintain secure configuration baselines aligned with recognized frameworks (NIST, CIS Controls).

• Identity, Access & Data Protection
  Strengthen identity and access management controls (MFA, conditional access, privileged access, lifecycle management). Maintain least‑privilege standards and periodic access reviews. Advance data protection practices including encryption, secure sharing, and retention controls. Support data classification and protection of highly sensitive program information.

• Governance, Compliance & Reporting
  Develop and maintain security policies, standards, and procedures. Support compliance with applicable federal, state, and grant‑based cybersecurity and privacy requirements. Coordinate security documentation required for audits and cyber insurance renewals. Track and report key security metrics and risk trends to ITS leadership. Contribute to the development of a multi‑year cybersecurity roadmap aligned with organizational risk.

• Security Awareness & Risk Reduction
  Deliver or coordinate security awareness initiatives, including phishing simulations. Improve secure email handling and reporting workflows across the organization. Partner with program leadership to reinforce secure practices in field and client‑facing environments.

• Third‑Party & Vendor Risk
  Conduct security reviews of vendors and systems (questionnaires, SOC reports, risk analysis). Track vendor remediation commitments and contract‑related security obligations.

• Business Continuity & Disaster Recovery
  Support business impact analysis and recovery planning. Coordinate backup validation and participate in recovery testing to ensure operational resilience.

Skills, Knowledge and Expertise

• Minimum of a Bachelor’s degree in Information Security, Computer Science, Information Technology, Business Continuity, or a related field.
• 3‑5 years of work experience in security engineering, security operations, or IT security administration.
• Experience with Google Workspace security and administration, endpoint security and device management, network security appliances, firewalls, VPN, DNS filtering, vulnerability management platforms, and SIEM or centralized log management tools (preferred).
• Experience in a multi‑site or nonprofit organization handling sensitive personal information and familiarity with NIST CSF, NIST 800‑series frameworks, or CIS Controls (preferred).
• Security certifications such as Security+, SSCP, CySA+, GSEC, CISSP (preferred).
• Must be able to travel to program sites as needed.

Benefits

• Make a Difference: Every day, your work directly impacts the lives of thousands in the Greater Boston community, empowering them and making positive, lasting change.
• Inclusive Environment: ABCD values the diversity of its workforce, with an inclusive culture that respects individuality and promotes collaboration.
• Continuous Learning: Numerous training and development opportunities ensure staff remain at the forefront of community action methodologies and strategies.
• Comprehensive Benefits: Competitive benefits package, including health coverage and retirement plans.
• A Legacy of Impact: Join an organization with a legacy spanning over half a century, championing the rights and needs of the community’s most vulnerable.
• Teamwork & Camaraderie: Be part of a passionate team united in the mission to combat poverty and help every individual reach their fullest potential.