Cybersecurity Specialist

Summary

Join the CDC Foundation in advancing its mission by safeguarding digital assets, data, and systems from cyber threats. As a Cybersecurity Specialist, you will identify, assess, and mitigate security risks through robust security measures and protocols.

Requirements

• Bachelor’s degree in computer science, information technology, cybersecurity, or a related field
• Minimum 5 years of experience in cybersecurity roles, with specific experience in risk assessment, incident response, and policy development
• Knowledge of cybersecurity principles, technologies, and best practices, including network security, encryption, identity and access management, and security monitoring
• Knowledge and familiarity with relevant regulatory requirements and frameworks, such as HIPAA, GDPR, NIST Cybersecurity Framework, and ISO 27001
• Strong analytical skills and attention to detail, with the ability to assess complex security issues and develop effective solutions
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with partners at all levels of the organization
• Ability to work independently and prioritize tasks in a fast-paced environment, while also functioning as part of a multidisciplinary team
• Ability to convey technical concepts to non-technical partners effectively
• Outstanding interpersonal and teamwork skills; collegial; energetic; and able to develop productive relationships with colleagues, partners, and partners
• Flexibility to adapt to evolving project requirements and priorities
• Demonstrated ability to work well independently and within teams
• Experience working in a virtual environment with remote partners and teams
• Proficiency in Microsoft Office

Responsibilities

• Perform security activities including vulnerability testing and analysis, code review, static and dynamic code
• Perform business logic exploit testing
• Implement automation framework within cloud computing infrastructure around security events
• Automate infrastructure security testing and penetration testing
• Identify, analyze and correct security related issues
• Utilize advanced tools and techniques to detect and analyze potential cybersecurity threats and vulnerabilities across the organization's network, systems, and applications
• Monitor security events and alerts in real-time, investigate potential security incidents, and respond promptly to mitigate threats and minimize impact
• Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the organization's infrastructure, prioritize remediation efforts, and ensure systems are adequately protected
• Collaborate with technical teams to design and implement robust security architectures that align with business goals and industry best practices, incorporating elements such as firewalls, intrusion detection systems, and encryption
• Develop and maintain cybersecurity policies, procedures, and standards, ensuring compliance with relevant regulations and industry frameworks. Enforce security policies through education, training, and regular audits
• Develop and maintain incident response plans and playbooks, outlining procedures for effectively responding to security incidents, including containment, eradication, and recovery efforts
• Provide cybersecurity awareness training to employees, contractors, and other partners to promote a culture of security and empower individuals to recognize and respond to potential threats
• Conduct comprehensive risk assessments to identify and prioritize security risks to the organization's assets and data, collaborating with partners to develop and implement risk mitigation strategies
• Ensure compliance with relevant regulatory requirements, industry standards, and contractual obligations related to cybersecurity, maintaining documentation and evidence of compliance efforts
• Evaluate the security posture of third-party vendors and service providers, assessing their ability to protect sensitive data and mitigate security risks effectively
• Prepare and present regular reports on security incidents, trends, and metrics to senior management and partners, providing insights into the organization's security posture and areas for improvement