VEIC is a sustainable energy company on a mission to generate the energy solutions the world needs. For over 30 years VEIC has been working with governments, utilities, foundations, and businesses across North America to develop and deploy clean energy services that provide immediate and lasting change. With expertise in energy efficiency, building decarbonization, transportation electrification, and new approaches for a clean and flexible grid, VEIC brings innovative solutions to the market. VEIC is nationally recognized for developing pilots and programs that optimize energy use, reduce energy burdens for low-income customers, and advance new technologies. In addition to our full-service consulting business (Energy Services), VEIC administers three large-scale sustainable energy programs: Efficiency Vermont, Efficiency Smart, and the DC Sustainable Energy Utility (DCSEU). 

Under the direction of VEIC’s Information Security Manager, the Information Security Engineer I coordinates the day-to-day operations of the Information Security function at VEIC. The Information Security Engineer I advises the Information Security Team on emerging vulnerabilities and newly introduced risks to company systems and takes a proactive approach in continually assessing the security of company systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.

The Information Security Engineer I is a hands-on technologist responsible for the implementation, administration, maintenance, and troubleshooting of all information security technologies used by VEIC to assure the confidentiality, integrity, and availability of company data and information systems consistent with VEIC’s information security policies, guidelines, standards, and controls.

The Information Security Engineer I models and promotes a culture of information security across the organization.

We are committed to building an inclusive work community that represents a vibrant diversity of background, experience, perspective, and thought. Climate change impacts all of us; however, we are impacted differently based on our identities and experiences. We all deserve a place at the table to make decisions about our collective future – we hope you’ll consider joining us as we work towards our vision for a healthy planet, thriving people, and energy justice.

• Supports the implementation of security controls, the enforcement of policies, and the monitoring of systems needed to ensure compliance with business and customer requirements.
• Under the direction of Manager, Information Security participates in and/or manages security projects, including the implementation and maintenance of information security technologies.
• Acts as a first-line point of contact within Information Technology related to information security technologies, policies, and procedures
• Works in collaboration with Information Technology colleagues on technology and process improvement efforts.
• Develop an understanding of the IT systems VEIC uses and how they provide value to the business.
• Collaborates with internal stakeholders, providing assistance and support of simple to medium complexity issues.
• Proactively identifies and escalates security issues, risks, or operational performance concerns.
• Performs investigative tasks of low to medium level complexity and supports investigative efforts under the direction of the Manager, Information Security, as required.
• Participates in incident response and recovery efforts.
• Provides training and guidance to VEIC staff and teams on Information Security risk in support of organizational and departmental initiatives.
• Assists in audits of VEIC’s Information Security controls and systems.
• Promotes a culture of information security across the organization.
• Supports activities of other staff within VEIC as is necessary to accomplish organizational goals and objectives.
• Administrative tasks, reporting, and communication with the relevant stakeholders in the organization.

• Strong personal commitment to the mission, vision, goals, and values of VEIC.
• Strong professional desire to work in the information security field.
• Strong understanding of information security concepts.
• One to two years experience in an information security capacity in a professional environment or a similar combination of education and experience from which comparable knowledge and skills are required.
• Basic proficiency in core infrastructure technologies, including business-class operating systems such as Windows and Linux, TCP/IP networking, storage systems, virtualization, and containerization.
• Entry-level proficiency in scripting or programming languages such as PowerShell or Python.
• Familiarity with security solutions such as vulnerability scanning, event log management, endpoint security, firewalls, and web application firewalls.
• Familiarity with cloud technologies and concepts.
• Familiarity with digital forensics tools and procedures.
• Familiarity with physical security.
• Excellent interpersonal skills, written and oral communication skills, and takes a customer-first service approach.
• Analytical and problem-solving skills.
• Ability to be organized, detail-oriented, accurate, and able to handle multiple tasks and competing priorities in a dynamic and fast-paced environment.
• Ability to relate to non-technical users in user-friendly language.
• Commitment to continuous learning and professional development

Preferred:

Information Security Certification(s) such as GSIF, CC, SSCP, or Security+