Cyber Security Engineer

The ACLU seeks applicants for the full‑time position of Cybersecurity Engineer in the Information Security Department of the ACLU’s National office in New York, NY
. This is a hybrid role that requires two (2) days per week in‑office or eight (8) days per month.

As the Director of Security Architecture & Engineering
, this hands‑on technical role is responsible for securing the ACLU’s infrastructure, endpoints, and cloud services by reducing vulnerability risk, improving control enforcement, and operationalizing core data protection strategies.

This role is ideal for a security engineer who thrives at the intersection of infrastructure, identity, and data‑to‑turn policy into technical enforcement. The engineer will drive progress across cloud posture, endpoint compliance, DLP, and insider risk detection, ensuring controls are defined but also deployed, measurable, and resilient in production environments.

This position is part of a collective bargaining unit and is represented by ACLU Staff United (ASU).

Reporting to the Director of Security Architecture & Engineering
, the Cybersecurity Engineer will be accountable for executing core infrastructure and endpoint security priorities across cloud, network, and device environments.

• Implement and manage cloud security posture tooling and alerts, ensuring visibility into configuration drift, over‑exposure, and high‑risk services.
• Lead the vulnerability management lifecycle — including scanning, prioritization, stakeholder coordination, remediation tracking, and reporting.
• Deploy and enforce secure configuration baselines across managed devices (Windows, macOS, mobile), including disk encryption, patch compliance, and privileged access.
• Identify exposed services and reduce attack surface across infrastructure and endpoint environments using automation and policy‑based enforcement.
• Develop and maintain secure configuration management practices across IAM, network segmentation, endpoint posture, and SaaS platforms.
• Engineer and support enterprise Data Loss Prevention (DLP) tooling, including policy definition, control enforcement, and incident response workflows across email, endpoint, and cloud.
• Implement and tune insider threat detection signals using endpoint telemetry, behavior analytics, and identity context, in coordination with Security Operations.
• Serve as a technical escalation point for endpoint, cloud, and identity security issues impacting control integrity or coverage.

• Be committed to advancing the mission of the ACLU.
• Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives.
• Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts.

• Demonstrated experience in security engineering, cloud/infrastructure security, or endpoint protection.
• Strong working knowledge of DLP, data classification, and endpoint telemetry tooling (e.g., Microsoft Purview, Intune, Defender for Endpoint, Jamf, etc.).
• Hands‑on experience with vulnerability management platforms and remediation coordination.
• Experience designing and deploying secure configurations across Windows, macOS, and mobile environments.
• Familiarity with insider risk detection tooling or behavioral analytics platforms is a strong plus.
• Proficiency with scripting or infrastructure‑as‑code (e.g., Power Shell, Python, Terraform).
• Excellent communication and cross‑functional collaboration skills, particularly across IT, Legal, and Privacy stakeholders.
• Commitment to securing digital systems in a mission‑driven and rights‑centered environment.

The annual salary for this position is $137,206 (Level – F) for work in New York, NY. Salaries are subject to a regional pay adjustment if authorized to work outside this location.

• Generous paid time‑off policy.
• Comprehensive healthcare benefits (medical, dental, vision, parental leave, gender‑affirming care & fertility treatment).
• 401(k) plan with employer match.
• Annual professional development funds and internal programs.