Security Engineer

Organization

Doctors Without Borders/Médecins Sans Frontières (MSF) is an international humanitarian organization that delivers impartial medical care to people affected by conflict, epidemics, disasters, or exclusion from health care in over 70 countries.

We welcome candidates who bring a wide variety of backgrounds and experiences to join us in working toward MSF’s common mission.

Department

The Systems Department in the U.S. office of Doctors Without Borders/ Médecins Sans Frontières (MSF) is comprised of four technology teams: Digital Internal Operations, Product & Innovation, Infrastructure & Operations, and Helpdesk., Together they provide the vital products and services so that MSF-USA can achieve its ambitious new Strategic Plan (2022-2025).

Project

The Security Engineer is responsible for improving the security and integrity of our technology operations and products. Reporting to the Director of Infrastructure and Operations, this role will be advancing the security posture of MSF-USA in several domain areas. These are, but not limited to: Application Security, Vulnerability Management, Security Incident response, privacy engineering and penetrating testing.

You are responsible for:

Collaborating with Information Security and Data Protection colleagues to advance enterprise risk management across MSF-USA.

Define and set priorities and roadmaps for security and privacy within the Systems department.

Support MSF-USA achieve PCI compliance as well as any other regulatory and compliance needs.

Work with our Product and Innovation team on new prototypes, products and data products for MSF-USA and the movement. See MSF’s Science Portal as an example of an ongoing product that was launched last year. https://scienceportal.msf.org/... our fundraising team by being a technical advisor on areas of security engineering and best practices.

Tasks

In the first 100 days

• Work with the Infrastructure team on selected cyber security remediations
• Work with the Information security and risk managers to understand the context and organizational priorities.
• Develop relationships with the Product and Innovation teams to understand how to collaborate across new and existing products and services of MSF-USA.
• Work with the DevOps Engineer to develop a DecSecOps strategy for our Azure infrastructure.

In six months

• Work with the Risk team to work on PCI compliance for MSF-USA as well as any other emerging regulatory requirements.
• Work with the Director of Infrastructure to mainstream security best practices in our cloud infrastructure. MSF-USA is a hybrid organization, aiming to be cloud native by late 2024.
• Collaborate with MSF-USA's fundraising team team on answering any questions, assisting the general security posture of their fundraising stack.
• Support relevant technical colleagues in using secure software engineering practices.

In one year

• Rollout a new security strategy for relevant technology projects to be mainstreamed within the project management methodology for MSF-USA.
• Contribute to the updating of Information Security and Data Protection policies and processes.
• Conduct security reviews for potential projects and/or applications for development and delivery in 2023.
• Provide a strategy and necessary budgetary requirements to enhance the security portfolio across relevant MSF-USA domains for 2024.
• Start working with international colleagues in relevant platforms and projects around security engineering.
• Collaborate with the Director of Infrastructure and the risk team on a plan for Threat Intelligence at MSF-USA and where needed include relevant international stakeholders.

Qualifications

Required

• 3-5+ years of providing subject matter expertise in security engineering
• Experience establishing and deploying security and privacy efforts to actively reduce security risks at a complex organization.
• Azure or equivalent cloud computing experience (e.g., AWS)
• Must have at least 1 year of experience delivering application or infrastructure security solutions. That experience preferably would include working with Product Managers or Infrastructure teams to analyze and propose security standards, methods and architectures.
• Strong communication skills with both technical and non-technical stakeholders
• Comfort working in a collaborative, associative, and democratized team structure
• Passion and commitment for the mission and values of MSF
• A commitment to Diversity, Equity and Inclusion

Preferred

• Experience at large organizations and/or NGOs
• Ability to plan and report frameworks (for example: KPI/OKR results reporting)
• Interest in technology issues of relevance for humanitarian organizations (whether in an headquarter or field setting)
• Ability to working with a wide range of external partners to ensure delivery. Some previous examples: large technology companies, implementation vendors, consultants, developers.

Additional Technology Considerations for Applicants

The role is focused on emerging technologies and novel solutions, any familiarity with our current stack is a bonus. Lack of familiarity with any specific language or technology is not grounds for exclusion. MSF is largely within the Azure/Microsoft environment and the following tools should give candidates a sense of our approaches: Python, PowerShell, Javascript (inc. frameworks), .NET, SQL databases, and Apache Superset. Candidates will have space to propose ongoing improvements. We encourage candidates to apply even if you do not meet all line items mentioned. Mostly of all we are eager to bring in a person who is enthusiastic and a good fit for our team.