Associate Director of Security Engineering

Position Summary

EFF is seeking a full-time Associate Director of Security Engineering to guide the continual improvement of the security of the organization’s digital infrastructure, users, and data as part of the Technical Operations Department. This role will prioritize changes to our systems, then coordinate with colleagues to plan and implement those improvements.

This a broad remit that will touch on areas including but not limited to authentication and authorization (Single Sign-On, Multi-Factor Authentication, etc.), network and server security, vulnerability and patch management, incident response, development processes, and any emerging issues you identify and prioritize.

This role is focused on EFF's internal security, but collaboration with our public-facing security experts and policy staffers will be encouraged.

Essential Functions:

Guidance & Planning - 40%

• Advise Tech Ops team members and Directors of other teams on security needs throughout the organization and guide them to resolution
• Review existing processes and technologies to identify opportunities for security improvements
• Actively participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are followed
• Consult with our Help Desk/Client Platform Engineering team to ensure endpoint security

Implementation - 30%

• Implement security best practices across our cloud and on-premises IT environment
• Devise and deploy improvements to operational, network, and data security
• Monitor and take ownership of security-specific systems and processes
• Identify vulnerabilities across physical and virtual servers, containers, network and end-user devices, and prioritize remediation

Documentation, Training & Outreach - 20%

• Provide guidance and hands-on training to staff
• Develop and deliver documentation materials
• Plan and lead training sessions

Incident Response - 10%

• Should security incidents occur, lead incident response, investigate, and remediate as appropriate
• Other projects and tasks determined in collaboration with the Techops Director.

Qualities We’re Seeking (i.e. Competencies)

Successful candidates bring these qualities:

• Finely honed prioritization and delegation skills.
• Deep respect for user privacy and organizational security.
• Excellent verbal and written communication skills.
• Patient and compassionate deskside manner.
• Demonstrates care and respect toward coworkers, outside partners, members of the public, donors, and others with whom this role interacts;
• Highest level of integrity, judgment and professionalism.
• Works to positively and collaboratively resolve conflicts and overcome challenges
• Effective oral and written communication skills
• Ability to understand and articulate with accuracy EFF’s mission, positions, and work;
• Available and responsive to colleagues, outside partners and others over email, phone, and online chat, with the ability to respond and reliably to time-sensitive requests for assistance and opportunities during agreed upon working hours;
• Contributes to the creation of a diverse, equitable and inclusive work culture that encourages and celebrates differences including race, ethnicity, age, gender identity and expression, sexual orientation, religion, disability and socio-economic circumstance.

Required Education & Experience

• Experience with security engineering and/or security operations
• Experience providing deep exposure to securing production Linux environments, macOS user deployments, and cloud services.
• Experience provisioning new security programs and services into existing environments.

Preferred Education & Experience

• Experience securing cloud infrastructure including Azure AD/Office 365, Amazon AWS, Google Workspace, and others.
• Working knowledge of containerization and orchestration tools (such as Docker, Kubernetes).
• Working knowledge of Mobile Device Management (MDM) and/or Enterprise Detection and Response (EDR) tools and best practices.
• Experience leading and/or participating in incident response.

Classification: Exempt, Union, Full-time (40 hours/week)

Salary:  $110,000 - $120,500 DOE

Expected hours of work: Typically Monday - Friday

Reports to: Technical Operations Director

Supervisory responsibilities: None

Physical Demands: None

Location:  You may work from San Francisco or you may work from another U.S. location. This position will need to keep Pacific time zone hours.

Commitment to Diversity

As an advocacy organization, EFF is committed to being part of a diverse community. Diversity of life experiences makes a big difference in how we identify and litigate legal issues, design privacy-enhancing software, and organize our activism. To that end, we deliberately seek applicants with different perspectives, identities, and experiences to build an inclusive workplace to better inform our advocacy and defense of freedom in our digital world. EFF is an equal opportunity employer and encourages people of all races, genders, ages, abilities, orientations, ethnicities, and national origins to apply.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.