Senior Cyber Security Engineer

Join us and make a difference in global investor protection.

Who We Are

The Public Company Accounting Oversight Board (PCAOB), a nonprofit organization established by Congress, oversees the audits of public companies and SEC-registered brokers and dealers to protect investors and to further the public interest in the preparation of independent, accurate, and informative audit reports.

Our investor protection mission is focused on modernizing audit standards, enhancing audit inspections, and strengthening enforcement of PCAOB rules and standards and other related laws and rules. People are at the heart of our mission at the PCAOB. As we carry out that mission, we strive to uphold the highest standards in audit quality with investors’ families, savings, and futures in mind.

We are hiring mission-driven professionals interested in a career with purpose, competitive benefit offerings, and work-life flexibility. If you are interested in working with a diverse group of talented professionals to protect investors and drive audit quality and innovation while adhering to the highest standards of ethical and professional conduct, join us.

What We Offer

At the PCAOB, we offer a highly competitive compensation and benefits package with a focus on the health and financial well-being of our valued team members. Some of the features of our comprehensive Total Rewards package include:

Compensation – We support transparency, equity, and fairness in our compensation programs and provide a reasonable estimate of the salary range, based on data-driven market analysis, for each job posting. While it is not typical for an individual to be hired at or near the top of the range, a reasonable estimate of the salary range for this role in Ashburn, VA is $118,200 - $172,300. Team members may also be eligible for performance-based discretionary awards.

Hybrid work option – Staff will be assigned to the Ashburn, VA office. Staff can choose to live and work from anywhere within the United States but will be required to commute to their assigned office or location for occasional intentional gatherings or meetings at the frequency required by their supervisor. Travel to an assigned office or location for commuting purposes will not be considered reimbursable business travel, unless otherwise required by state law. Business travel is reimbursable in an amount not exceeding the cost to travel from the assigned office or location, unless otherwise required by state law.

Generous paid time off – Up to 6 weeks annually, in addition to 12 federal holidays, 2 floating holidays, and a year-end break from December 25 –31, 2024

Highly competitive 401(k) match and savings options – Immediate vesting and contributions matched dollar for dollar, up to 7 percent of eligible compensation. Roth in-plan conversion available.

Comprehensive and competitive health benefit offerings – Medical, dental, and vision plans

Supportive paid family leave benefits – Up to 16 weeks paid parental leave and up to 16 weeks paid caregiver leave

Life insurance benefits – Basic life and AD&D insurance provided; supplemental insurance also available

Education benefits – PCAOB staff qualify for the Public Service Loan Forgiveness (PSLF) program. We also offer student loan repayment assistance, staff college tuition assistance, and college coach program support.

Well-being and family resources – Mental health and well-being resources, paid volunteer time, emergency child/adult dependent back-up care services, family-forming assistance, discounted gym memberships, employee assistance program (EAP), health advocate program, and more

Commuter benefits – Tax-free employer subsidy and pretax employee deductions

Role Summary

The PCAOB has a full-time, regular position for a Senior Cyber Security Engineer in the Office of Data, Security and Technology (ODST) at its Ashburn, VA office. The Senior Cyber Security Engineer will be responsible for protecting system boundaries and ensuring that IT systems, applications and network devices are hardened against threats. The position will support the SOC as an advanced escalation point identifying and addressing potential information security incidents. In addition, the position will utilize exceptional communication skills to interact with both technical and non-technical colleagues, and to provide technical leadership for colleagues and the organization.

Responsibilities

Maintain next generation firewalls, web application firewalls, threat, and malware detection systems.

Perform advanced event and incident analysis, including baseline establishment and trend analysis.

Remain current on cyber security trends and intelligence in order to guide the security analysis & identification capabilities of the SOC team.

Responsible for the engineering, design, implementation, maintenance, analysis, and administration of PCAOB security technologies.

Participate in and lead projects for security requirements, network design reviews, and security testing for PCAOB network, systems, and other IT teams.

Coordinate with PCAOB systems, network, and development team to ensure network security standards are being followed and implemented correctly.

Evaluate new security technology & emerging threats and provide recommendations to strengthen PCAOB information security environment.

Coordinate the handling and resolution of incidents of security breach.

Identify requirements based upon need or as the result of a security issue that puts organizations systems at risk.

Perform internal and external penetration tests with multiple technologies.

Proactively conduct security threat analysis and recommend solutions to manage network, systems and application vulnerabilities.

Install, configure, and maintain PCAOB information security technologies.

Recommend effective security configurations and architecture.

Liaise with the ODST Teams to effectively communicate and architect security solutions.

Develop documentation to support ongoing security systems operations, maintenance, and specific problem resolution.

Develop effective policies to monitor, detect, and block Web Application threats based on OWASP top 10.

Implement and maintain native Microsoft security tools such as Defender for Cloud, Defender for Endpoints, O365, and Sentinel.

Collaborate with cross-functional teams to ensure and develop a secure architecture in hybrid environment.

Implement effective DLP policy to detect potential data breaches/data exfiltration.

Manage, configure, and audit security services leveraging NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171 standards.

Proactively hunt for threats by searching through log, network, and system data to find and identify undetected threats.

Provide support off hours in addition to regular work days to troubleshoot escalated issues and apply production changes where needed.

Work in a multi-office environment and willingness to travel to other offices as required.

Qualifications

Education/Technical Expertise

Bachelor’s degree in computer science, information technology, or similar field, or equivalent experience.

Minimum of 5+ years of information security experience with a focus on network, application, and architecture.

Minimum of 5+ years of security operations center experience with security monitoring and incident response.

Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.

Knowledge of email security gateway, cloud, and virtual technologies.

In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.

Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.

Knowledge of the HTTP protocol, including analyzing the request/response.

Demonstrated experience with Palo Alto Firewalls, Web Application Firewalls, and endpoint security technologies.

Proven ability to clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders.

Understanding of networking and operating systems such as Linux and Windows.

Demonstrated knowledge of security industry standards and best practices such as OWASP, NIST, and ISO.

Excellent interpersonal, analytical, and problem-solving skills.

Proven ability to manage multiple tasks/projects.

In-depth knowledge of information security, endpoint security architecture, and software and hardware protection schemes.

Technical expertise in security-related hardware and software solutions and services, particularly in technologies related to anti-virus/anti-malware, IDS/IPS systems, firewalls, CASB and VPN solutions and services.

Knowledge of Microsoft Azure cloud services and infrastructure, with hands on experience in architecting a secure cloud solution.

Experience in cloud best security practices, including encryption, data protection, network security, and vulnerability management.

Proficiency in popular scripting and automation tools like Python and Azure PowerShell.

Preferred Qualifications

CISSP, CEH, CCSP, PCCSA, PCCSA, or other relevant certification preferred.

Equal Employment Opportunity

All PCAOB employees are entitled to equal opportunity and a professional work environment, free of discrimination and harassment. A workplace free of discrimination and harassment is fundamental to professional success and to the PCAOB's mission. The PCAOB will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.

#LI-Hybrid

R1006