Security Engineer III - Ransomware Governance

About The Position

Requirements

• Bachelor’s degree (B.S/B.A) from four-college or university and 5 to 8 years’ related experience and/or training; or equivalent combination of education and experience
• Networks with senior internal and external personnel in own area of expertise
• Demonstrates good judgment in selecting methods and techniques for obtaining solutions
• System implementation, installation, and disaster preparedness experience
• Reside in the state of California

Nice To Haves

• Alignment with NIST CSF, NIST 800‑61, CIS Controls, and industry best practices

Responsibilities

• Support the maturation and day‑to‑day operationalization of the ransomware recovery governance program through hands‑on process execution, documentation updates, and technical validation activities.
• Apply and enforce ransomware recovery maintenance policies by performing configuration checks, control verification, and operational compliance reviews.
• Coordinate and execute testing for protected applications, including technical recovery validation, dependency mapping, and test result analysis.
• Design and implement the application review and onboarding workflow, including technical assessments, readiness evaluations, and control implementation support.
• Develop and document the decision authority framework by gathering requirements, validating operational roles, and ensuring alignment with technical processes.
• Partner with incident response teams to build and refine the ransomware incident response plan, leading technical exercises, simulations, and tabletop scenarios.
• Contribute technical insights to future‑state technology assessments, tool evaluations, and ransomware resilience capability improvements.
• Review and enhance existing: Security policies and standards; Backup and recovery strategies; Risk management processes.
• Conduct detailed assessments of ransomware preparedness across: Technology platforms and infrastructure; Operational and recovery processes; Team readiness and skillsets.
• Identify gaps, document remediation requirements, and support implementation of technical and procedural improvements.
• Deliver a comprehensive current‑state ransomware preparedness assessment within the first 30 days.
• Develop and maintain a ransomware risk heat map, incorporating technical findings, test results, and operational insights.
• Support the creation of technical training materials and curriculum for operations and support teams.
• Prepare executive‑level presentations and reporting materials summarizing technical risks, findings, and progress.
• Establish and maintain a cyber recovery tracking repository and reporting dashboard, ensuring accurate and timely data collection.
• Other duties as required.

Benefits

• Medical provided through UHC (PPO, HSA, Surest options) / Medical provided through Kaiser (HMO option only) for California employees only
• Dental provided through UHC Nationwide
• Vision provided by UHC
• Flexible Spending Account for Health & Dependent Care
• Pre-Tax Account for Commuter Benefit/Parking & Transit (location-specific)
• Continuing Education and Professional Development via various integrated platforms, e.g. Udemy and Coursera
• Corporate Wellness Program provided by Goomi Group
• Employee Assistance Program
• Wellness Days
• 401k Plan
• Basic and Supplemental Life Insurance
• Short Term & Long Term Disability
• Critical Illness, Critical Hospital, and Voluntary Accident Insurance
• Tuition Reimbursement (available 6 months after start date, capped)
• Paid Time Off (accrued and prorated, maximum of 120 hours annually)
• Paid Holidays
• Any other statutory leaves, paid time, or other ancillary benefits required under state and federal law