Information Security Engineer

Goldbelt, Inc.
VA, US
Full-time

Overview

Goldbelt Incorporated is an Alaska Native Corporation (ANC) headquartered in Juneau, Alaska, whose mission is to make a significant and positive difference in the lives of more than 4,200 Alaska Native shareholders.

Alaska Native Corporations hold a distinct purpose and share a familiar creation story born in an act of Congress in 1971.

Join a fast-growing forever company that manages over 30 subsidiaries and provides centers of excellence in a shared service center model based out of Herndon, Virginia.

At Goldbelt, we place a strong emphasis on recognizing and rewarding the dedication and hard work of our team members in pursuit of our company's mission.

We are a team focused on gold-standard customer service and professional growth, with competitive benefits and profit-sharing plans, and we help support a business model that gives back to the community of shareholders.

Summary:

Goldbelt Inc. is seeking a highly skilled and motivated Information Security Engineer to join our IT Security team. The successful candidate will play a critical role in safeguarding our organization’s information assets, designing robust security systems, and ensuring compliance with industry best practices and regulations.

This role involves a mix of strategic planning, hands-on implementation, and ongoing management of security measures to protect our data and infrastructure.

This is a remote position that requires working in the Herndon, VA office two days per week.

Responsibilities

Essential Job Functions:

  • Design, implement, and maintain security systems, including firewalls, intrusion detection / prevention systems, and endpoint protection
  • Develop and deploy network security measures such as VPNs, encryption, and secure access solutions
  • Conduct regular vulnerability assessments and penetration testing to identify security risks
  • Develop and implement strategies to mitigate identified vulnerabilities and ensure timely patch management
  • Assist in investigations and response to security incidents, including forensic analysis, reporting, and remediation efforts
  • Assist in developing and maintaining incident response plans and procedures
  • Assist in ensuring compliance with relevant laws, regulations, and standards (NIST, GDPR, HIPAA, PCI-DSS)
  • Conduct regular risk assessments and audits to evaluate the effectiveness of security measures
  • Develop and maintain comprehensive System Security Plans (SSPs) and Plan of Action & Milestones (POA&M) to track and address security vulnerabilities and compliance issues
  • Develop, implement, and enforce applicable security frameworks and standards, including NIST 800-171, ISO / IEC 20000 / 27001, and CMMC security controls
  • Participate in the development and review of information system security policy and standards
  • Support the development and maintenance of system asset lists, hardware, and software baselines
  • Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments
  • Verify and document the implementation of security controls necessary to achieve compliance
  • Keep management apprised of impending areas of concern, verbally and in writing
  • Assist in developing various policy documents (SOPs / CONOPs) as required, including policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Incident Response, Disaster Recovery, and Security Assessments
  • Assist in maintaining and maturing existing information security and risk policies
  • Initiate and lead ongoing information security maturity assessment processes and training
  • Identify and report on key performance indicators for implemented security measures
  • Maintain knowledge of the threat landscape by monitoring threat intelligence sources
  • Develop, implement, and enforce security policies, procedures, and protocols
  • Provide training and awareness programs to educate staff on security best practices and protocols
  • Review logs of network traffic and system activity for signs of potential security breaches
  • Analyze security logs and reports to identify trends, anomalies, and areas for improvement
  • Work closely with IT operations to integrate security into system and software development processes
  • Communicate security issues and recommendations to stakeholders, including Executives, IT staff, and end-users

Qualifications

Necessary Skills and Knowledge:

  • Strong understanding of security controls, specifically NIST
  • Documentation and generation of compliance artifacts
  • Implementation of Identity Management and Conditional Access Policies
  • Design and implementation of SIEM, preferably Microsoft Sentinel
  • Strong understanding of Cyber Attack methods and preventative measures
  • In-depth knowledge of mail flow (Exchange)
  • Penetration testing of applications and infrastructure
  • Understanding Business Challenges and the impact of implementing security policies
  • Ability to embrace change, learn quickly, and thrive in a dynamic corporate environment
  • Skill in working harmoniously within cross-functional teams to achieve common objectives
  • Ability to prioritize tasks, manage multiple projects, and meet deadlines
  • Possesses attention to detail and effective problem-solving skills
  • Must have the ability to communicate effectively and diplomatically, both verbally and in writing, with co-workers and with outside agencies, partners, shareholders, and business associates
  • Strong cultural awareness and sensitivity, with the ability to adapt messages and strategies for diverse audiences
  • Basic understanding of relevant software, tools, and systems used in the corporate environment. This includes a proficiency in standard software applications, including Windows and MS Office Suite (Outlook, Word, PowerPoint, and Excel)

Minimum Qualifications:

  • Bachelor's degree in computer science, cyber security, or a related discipline, or equivalent experience
  • Certified Information Systems Security Professional (CISSP)
  • Certified CMMC Registered Practitioner (RP)
  • Minimum 4–5 years of experience in information security engineering or a related role
  • Experience with security frameworks and standards
  • Ability to travel up to 25%
  • Ability to successfully pass a background check

Preferred Qualifications:

  • Certified CMMC Professional (CCP)
  • Certified CMMC Assessor (CCA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Ethical Hacker (CEH)
  • Previous experience working with Alaska Native Corporations (ANCs) and / or previous exposure to Alaska Native cultures
  • Previous government contracting experience

Pay and Benefits

At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience.

Our annual incentive compensation plan is designed to reward your contributions to Goldbelt's success. It's a profit-sharing initiative tied to our strategic objectives, demonstrating that your efforts directly impact our achievements.

As an employee, you'll also enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.
