Cybersecurity Engineer

Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

Are you passionate about staying ahead of evolving cyber threats? Do you thrive in fast-paced environments, love hardening systems, and continuously seek to improve security posture? We’re looking for a proactive Cybersecurity Engineer who’s technically sharp, process-driven, and excited to help secure modern cloud-first environments.

What You’ll Do

• Report to the Director of Cybersecurity and support security operations across Bonterra’s distributed environment.

• Assist with incident response by maintaining IR playbooks and leveraging security technologies—such as SIEM, XDR, email security, and identity protection tools—to triage, investigate, and remediate incidents.

• Support vulnerability management efforts, including tracking existing and newly discovered vulnerabilities, generating reports on vulnerability trends and exposure, advising operational teams on appropriate remediation actions, validating fixes, tracking remediation progress, and reporting on residual risk.

• Assist the Senior Cybersecurity Engineer with internal and third-party network penetration testing efforts, including scoping, planning, coordination, execution support, remediation validation, and documentation.

• Contribute to the implementation and continuous improvement of security controls across user devices, servers, cloud infrastructure, and SaaS environments. Responsibilities include system hardening, validating configurations against security benchmarks (e.g., CIS), and aligning with frameworks like NIST CSF.

• Support security compliance and audit activities, including control validation, evidence gathering, and gap remediation (e.g., SOC 2, ISO, PCI).

• Contribute to the development and refinement of incident response, disaster recovery, and business continuity plans, ensuring they're actionable, tested, and aligned with business risk.

• Support threat protection efforts by assisting with endpoint threat detection, identifying and responding to malware or viruses, and monitoring systems for signs of compromise or suspicious activity.

• Develop and deliver reporting that correlates threat data from multiple sources to support detection, response, and risk decisions.

• Research and evaluate new security tools and technologies, and assist in their implementation and integration into the broader technology environment.

What You Bring

• 3–5 years of experience in technical security roles, ideally with a background in systems, infrastructure, or DevSecOps.

• Hands-on experience with:

  • Security tools such as SIEM (e.g., Sentinel, Splunk), XDR (e.g., Microsoft Defender XDR, CrowdStrike Falcon), IDS/IPS, and cloud and SaaS security posture management platforms

  • Vulnerability management platforms (e.g., Tenable, Qualys)

  • Cloud environments (especially AWS)

• Strong understanding of common security frameworks and compliance standards (e.g., NIST CSF, CIS Controls, ISO 27001, SOC 2, PCI, HIPAA), with experience applying them to guide control design, risk mitigation, and audit readiness.

• Ability to communicate complex topics clearly and confidently across technical and non-technical stakeholders.

• Sharp judgment in balancing risk mitigation with operational impact.

What Sets You Apart

• Experience in cloud security design and implementation for AWS, Azure, or hybrid environments.

• Deep understanding of endpoint protection, especially in cloud and remote-first environments.

• Experience using AI and automation to streamline tasks such as incident triage, vulnerability analysis, compliance evidence collection, and report generation.

• Experience assisting with the integration of newly acquired companies by evaluating their security environment and aligning systems, applications, and processes with organizational security standards.

Our Culture:  At Bonterra, we’re innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. To achieve our vision, we cultivate an inclusive environment where diversity is embraced and every team member feels empowered to contribute. Innovation, curiosity, and a commitment to equity guide our work. We foster a culture of belonging, ensuring that every individual is valued, respected, and given the tools to succeed. Together, we are dedicated to making a positive impact in the world.

Our comprehensive and competitive benefits include:

• Generous Flexible Time Off (FTO) Policy

• Up to 15 paid company holidays including some commemorating social justice events and self-care

• Paid volunteer time

• Resources for savings and investments

• Paid parental leave

• Paid sick leave

• Health, vision, dental, and life insurance with additional access to health and wellness programs.

• Opportunities to learn, develop, network, and connect

Please note the benefits specified on this page are applicable to full-time employees based in the United States. For international employees, actual benefits may vary based on local standards and regulations and will be determined in accordance with regional considerations, including but not limited to applicable laws and industry norms.

We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.