It Security Engineer

About the Opportunity: POAH is seeking an IT Security Engineer to work as a member of POAH’s IT team. The IT Security Engineer is responsible for securing our internal and cloud-based IT infrastructure.  The IT Security Engineer will perform multiple assigned technical tasks related to system and data security including audits, risk analysis, investigations, and mitigation of cyber risks and threats.  Other responsibilities will include:

• Provide on-going technology risk reporting and monitoring identifying key trends and metrics to regularly measure control effectiveness
• Perform security audits as needed including working with external vendors to perform security audits and external PEN testing and mitigate identified risks
• Review, audit, investigate, and mitigate security risks to the organization
• Security Infrastructure Management:
  • Design, implement, and manage security vendors and infrastructure, including firewalls, antivirus solutions, intrusion detection/prevention systems, and other security appliances and software.
  • Ensure the proper configuration and maintenance of security hardware and software.
• Vulnerability Assessment:
  • Conduct regular vulnerability assessments and penetration testing to identify and mitigate potential security risks.
  • Collaborate with system owners and vendors to remediate identified vulnerabilities.
• Incident Response:
  • Take the lead supporting our incident response plans to address any security incidents promptly.
  • Investigate security breaches and recommend corrective actions and preventative measures.
• Security Policies and Procedures:
  • Develop and enforce security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of information assets.
  • Stay current with industry trends and emerging security threats to continuously update security policies.
• Identity and Access Management:
  • Implement and manage access control systems to safeguard sensitive information.
  • Regularly review user access rights and permissions to ensure least privilege access.
• Security Audits and Compliance:
  • Conduct regular security audits to assess compliance with internal and external security standards.
  • Stay informed about relevant regulations and ensure the organization's adherence to compliance requirements.
• Security Patch Management:
  • Audit vendors responsible for patch management process to keep systems up to date with the latest security patches.  Identify systems with outdated security patches and work with vendors to remediate issues identified.
  • Report on hardware assets as it relates to current operating systems and security patch levels ensuring we are constantly up to date.
• Encryption and Data Protection:
  • Implement encryption technologies to protect sensitive data at rest and in transit.
  • Spearhead future project to classify all data and implement appropriate data protection measures.
• Collaboration and Communication:
  • Work closely with other IT teams to integrate security best practices into the development and deployment processes of all new hardware and software and the maintenance/upgrade process for existing softwares.
  • Communicate security risks and issues to technical and non-technical stakeholders effectively.
• Security Research and Innovation:
  • Stay up to date with the latest trends and advancements in cybersecurity.
  • Evaluate and recommend new security technologies, tools, and methodologies.
• Security Monitoring and SIEM:
  • Implement a Security Information and Event Management (SIEM) solution to collect and monitor security logs from all networked devices responding to security incidents in real-time.
  • Manage Security Information and Event Management (SIEM) systems to correlate and analyze security data.

Requirements and Qualifications

• Minimum of 5 years of hands-on work experience as an IT Security professional managing hardware, software, and data security across various IT systems and platforms.
• Experience managing security in a Microsoft environment with deep understanding of networking, Microsoft Active Directory, Azure P2, and Defender.
• Experience implementing and administering Security Information and Event Management (SIEM) solutions.
• Experience managing security controls, policies and procedures.
• Expert knowledge in multi-factor authentication solutions/systems.
• Deep knowledge of Microsoft Windows, Outlook, Word, Excel, PowerPoint, OneDrive.
• Experience managing an IT Security Response program including identifying risks, containment, and mitigation.
• Excellent organizational, time management and tracking skills in a multi-task/multi-system environment.
• Ability to coordinate with vendors to ensure the security of all IT services and support.
• Ability to prioritize work based on risk and/or opportunity.
• Relevant certifications (CISSP, CISA, CISM, Security +) preferred.
• Affordable Housing, Real Estate or Property Management industry experience preferred.
• Ability to work periodic flexible hours.
• Ability to travel by car and airplane.

Skills

• Well-developed analytical and problem-solving skills
• Self-directed and self-motivated
• Works well under pressure/deadlines
• Ability to lead the technical evaluation, design, and implementation of security solutions
• Ability to work well with other IT Teams and internal departments to maintain a secure and resilient computing environment
• Strong written and oral communication skills

Interested individuals should complete an application and submit a resume and cover letter.

Salaries are competitive and commensurate with experience.   Benefits include health and life insurance, generous earned leave and parental leave program, a 401k retirement plan with company match, individual employee professional development budget, and end of year bonus.

POAH is an Equal Opportunity Employer.  Diverse candidates are encouraged to apply.

About the Organization:  Preservation of Affordable Housing, Inc. (POAH) is a national nonprofit organization whose mission is to preserve, create and sustain affordable, healthy homes that support economic security, racial equity and access to opportunity for all.  POAH owns and operates more than 13,000 affordable homes at more than 120 properties in 11 states and the District of Columbia.  POAH is based in Boston with offices in Chicago and Washington, DC.

POAH’s reach is national in scope, and its pursuit of the preservation mission is empowered by a focus on the business bottom line.  Its strong reputation is the result of a demonstrated ability to craft complex financial transactions, tackle tough multi-family projects, and close deals that preserve the affordability of at-risk properties.  The organization and its leaders are at the forefront of policy and legislative discussions around housing preservation, affordable housing finance and regulatory reform, including energy efficiency in the multifamily sector.

The POAH team is dedicated, creative and passionate.  We believe a diverse and inclusive team is a stronger, smarter team and we actively promote diversity and meaningful inclusion of different perspectives among our Board, our staff, our partners, in our procurement of goods and services, and at our communities.  We understand that addressing structural racism and achieving racial equity are central to the work we do and we proactively integrate the issue of race in our housing work.