AVP, Information Security Engineer

COMPANY DESCRIPTION:  Forbright is a nationwide full-service bank and lender helping accelerate the transition to a sustainable and low-carbon economy. Headquartered in Chevy Chase, Maryland, Forbright is committed to accelerating the transition to a sustainable economy by financing visionary leader in clean energy, healthcare, technology, financial services, real estate, and other industries with extraordinary service.

COMPANY CULTURE:  We are a dynamic, high energy, fun, and fast-paced organization that has an exciting growth trajectory, meaningful mission, and embedded responsible environmental, social, and governance (ESG) practices into our daily interactions. We offer our team members a culture of collaboration, inclusion, flexibility, recognition, and giving back.  We look to hire individuals that are passionate about our mission, and who are motivated, customer and results-oriented, innovative, adaptable, and thoughtful.

COMPANY MISSION:  We are a mission-driven institution with an uncommon commitment to decarbonization and sustainability. As the need to build a more sustainable, low-carbon economic system grows increasingly urgent, we are dedicating half of our assets to financing the companies, investors, and innovators driving that change. We are reimagining how a bank should operate in a changing world.

JOB SUMMARY:  The AVP, Information Security Engineer is responsible for supporting the Bank's security operations, including but not limited to threat identification, intrusion detection, digital forensics, incident response, and the design, implementation, and maintenance of enterprise-wide on-premise and cloud-based security solutions. The role provides technical analysis, assessment, and recommendations in security situational awareness, operational, network, and applications systems security monitoring, and vulnerability management.

DUTIES AND RESPONSIBILITIES:

• Design and architect secure systems, networks, and applications to protect against cyber threats
• Evaluate and recommend security technologies and tools to enhance the organization's security posture
• Implement and manage security information and event management (SIEM) systems
• Conduct penetration testing and ethical hacking to identify and remediate vulnerabilities
• Define and assess compliance security configurations for hardware, software, and cloud services
• Provide expertise in security governance and compliance frameworks, e.g., CIS Benchmarks
• Develop and maintain security documentation, including security policies and procedures
• Define, conduct, and report on internal and 3rd party Red Team, Purple Team, and Blue Team assessments and exercises
• Collaborate with the Application and Development to ensure that all custom development, both on-premises and in the cloud, meets strict security guidelines
• Define, conduct, and report on digital forensics procedures, policies, and deliverables
• Conduct regular tabletop exercises to test and improve the effectiveness of incident response plans
• Active participation in the Information and Cybersecurity, Bank Vulnerability Management, and Data Loss Prevention programs, including efforts related to vulnerability remediation planning, tracking, implementation, threat research, log analysis, end-user security education and training, and recommendations for process improvement
• Participate in change management processes when remediating threats or vulnerabilities
• Provide after-hours and weekend analysis on an as-needed basis outside of general working hours
• Other projects as assigned

SUPERVISORY RESPONSIBILITIES:

• Supervise assigned employees by organizing and monitoring work progress
• Maintain staff by recruiting, selecting, orienting, and training employees
• Manage performance of employees through development, coaching, and counseling

QUALIFICATIONS:

• Bachelor’s Degree from a 4-year accredited institution and a minimum of 4 years of related experience required; or 8 years of Information Security experience required
• 4 years of Cybersecurity Engineering or Architecting experience required
• Cybersecurity-related certifications such as Certified Information Security Professional (CISSP), GIAC Defensible Security Architecture (GDSA), GIAC Certified Incident Handler (GCIH), CERT Certified Computer Security Incident Handler (CSIH), GIAC Certified Forensic Examiner (GCFE), and Offensive Security Certified Professional (OSCP)
• Experience and solid working knowledge of cybersecurity and network analysis tools, network topologies, intrusion detection methodologies, Windows systems, and preferably Linux systems analysis for evidence of compromise
• Familiarity with the requirements of NIST SP 800-53, FFIEC Booklets, and Critical Security Controls

ADDITIONAL DUTIES: For Forbright Bank to remain efficient and nimble as a growing organization, team members are expected to exhibit a high level of flexibility regarding any duties that may be situationally assigned outside of this job description.

PERKS/BENEFITS:

• Comprehensive health, dental, and vision plans
• 4 weeks PTO
• 401k + company match
• Metro SmartTrip benefits ($50/mo)
• Remote or hybrid work schedules for most positions
• Bonuses for purchasing solar panels, electric vehicles, biking to work, etc.
• Paid subscriptions to Veterans Compost, Imperfect Foods, and more!
• Best Workplaces for Commuters 2023 & 2024 winner
• The Washington Post Top Workplaces 2023 winner
• American Banker Best Banks to Work For 2023 winner

It is the policy of Forbright Bank to provide equal employment opportunities to all qualified individuals and to administer all aspects and conditions of pre-employment and employment without regard to protected characteristics.