The Cybersecurity Engineer, Benchmarks is part of the Security Best Practices (SBP) department, which resides on the Benchmarks Development Team (BMDT) and reports to the Team Lead, Benchmarks. CIS Benchmarks are computer system configuration guidance standards that are used worldwide to secure systems ranging from handheld devices to workstations to servers to network devices. The Cybersecurity Engineer, Benchmarks will lead the public technology communities under their care and orchestrate the development of community driven Benchmark documents, Automated Assessment Content (AAC), and Build Kits to promote the CIS mission and help support our growth. They will also assist in mentoring other BMDT personnel in process improvement and standardization.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

CIS has an award-winning reputation for investing in its people (click here to learn more), as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Lead and contribute to multiple public volunteer teams identifying, defining, testing, and documenting security requirements for key Linux/Unix technologies (security relevant configuration settings)
• Leverage CIS tools to develop, test, and deliver Benchmark prose (Microsoft Word, PDF, and Microsoft Excel), AAC (InSpec, SCAP, XCCDF, OVAL, etc.), and Build Kits (Ruby, Python, Bash, etc.)
• Coordinate internal/external resources for development and testing of Benchmark deliverables, and directly contribute to achieve deliveries on schedule (based on technical expertise)
• Develop test plans for Benchmark recommendations, AAC, and Build Kits
• Coordinate testing internally/externally and validate results
• Mentor and coach junior team members in a technical capacity
• Other tasks and responsibilities as assigned

• Bachelor's degree in a related field*
• 4+ years of hands-on experience managing/administering multiple computer systems in an enterprise (Linux and/or Unix)
• 3+ years of shell scripting development/debugging experience in Linux and/or Unix environments (Bash, Python, InSpec, Ansible, etc.)
• 2+ years of team leadership experience including project management, coaching, and mentoring
• 2+ years of experience in the practical application of cybersecurity concepts including implementing and/or assessing network, application, and/or operating system security controls
• Experience working in a diverse geographically distributed community (open-source software development, standards development, etc.)
• Experience developing or implementing standardized configuration security guidance (CIS Benchmarks, DISA STIGs, vendor guidance, etc.)
• Experience with testing software and/or system security configurations
• Must be authorized to work in the United States

It's a Plus if You Have:

• Linux configuration management experience (InSpec, Chef, Puppet, Ansible, etc.)
• Python and/or Ruby programing experience
• (ISC)2 CISSP certification
• PMI PMP certification
• Experience developing and enforcing security policy across an enterprise (PCI, HIPAA, NIST CSF, etc.)
• Experience within the security automation domain, including expertise in Security Content Automation Protocol (SCAP) related schemas, such as Open Vulnerability and Assessment Language (OVAL), Extensible Configuration Checklist Description Format (XCCDF), Common Configuration Enumeration (CCE) and Common Platform Enumeration (CPE), Open Security Controls Assessment Language (OSCAL), etc.
• Proficiency using Atlassian products Jira and Confluence
• Experience with Agile processes

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.