Security Engineer III - Ransomware Governance

What this Job Entails: 

The Security Solutions Engineer III is responsible for protecting technological assets by establishing and enforcing system and network access controls. The Security Engineer will focus on the delivery of core security improvements and operations, specifically Ransomware Governance and Deadbolt (Bolt) Recovery. *The candidate needs to reside in the state of California*

Core Responsibilities:

• Support the maturation and day‑to‑day operationalization of the ransomware recovery governance program through hands‑on process execution, documentation updates, and technical validation activities.
• Apply and enforce ransomware recovery maintenance policies by performing configuration checks, control verification, and operational compliance reviews.
• Coordinate and execute testing for protected applications, including technical recovery validation, dependency mapping, and test result analysis.
• Design and implement the application review and onboarding workflow, including technical assessments, readiness evaluations, and control implementation support.
• Develop and document the decision authority framework by gathering requirements, validating operational roles, and ensuring alignment with technical processes.
• Partner with incident response teams to build and refine the ransomware incident response plan, leading technical exercises, simulations, and tabletop scenarios.
• Contribute technical insights to future‑state technology assessments, tool evaluations, and ransomware resilience capability improvements.
• Review and enhance existing: Security policies and standards; Backup and recovery strategies; Risk management processes
  

Your Roles and Responsibilities:

• Technical Assessment & Gap Remediation
• Conduct detailed assessments of ransomware preparedness across: Technology platforms and infrastructure; Operational and recovery processes; Team readiness and skillsets
• Alignment with NIST CSF, NIST 800‑61, CIS Controls, and industry best practicesIdentify gaps, document remediation requirements, and support implementation of technical and procedural improvements.
• Deliver a comprehensive current‑state ransomware preparedness assessment within the first 30 days.
• Develop and maintain a ransomware risk heat map, incorporating technical findings, test results, and operational insights.
• Support the creation of technical training materials and curriculum for operations and support teams.
• Prepare executive‑level presentations and reporting materials summarizing technical risks, findings, and progress.
• Establish and maintain a cyber recovery tracking repository and reporting dashboard, ensuring accurate and timely data collection. 
• Other duties as required. This list is not meant to be a comprehensive inventory of all responsibilities assigned to this position

Required Qualifications/Skills:

• Bachelor’s degree (B.S/B.A) from four-college or university and 5 to 8 years’ related experience and/or training; or equivalent combination of education and experience 
• Networks with senior internal and external personnel in own area of expertise
• Demonstrates good judgment in selecting methods and techniques for obtaining solutions
• System implementation, installation, and disaster preparedness experience
  

Salary Range

• Please note that the salary information provided herein is base pay only (gross); it does not include other forms of compensation which may or may not apply to this specific position, namely, performance-based bonuses, benefits-related payments, or other general incentives - none of which are guaranteed, may be subject to specific eligibility requirements, and are wholly within the discretion of Astreya to remit.
• Further, the salary information noted above is a range that consists of a minimum and maximum rate of pay for this specific position. Where an applicant or employee is placed on this range will depend and be contingent on objective, documented work-related considerations like education, experience, certifications, licenses, preferred qualifications, among other factors.

Astreya offers comprehensive benefits to all Regular, Full-Time Employees, including:

• Medical provided through UHC (PPO, HSA, Surest options) / Medical provided through Kaiser (HMO option only) for California employees only

• Dental provided through UHC

• Nationwide Vision provided by UHC

• Flexible Spending Account for Health & Dependent Care

• Pre-Tax Account for Commuter Benefit/Parking & Transit (location-specific)

• Continuing Education and Professional Development via various integrated platforms, e.g. Udemy and Coursera

• Corporate Wellness Program provided by Goomi Group

• Employee Assistance Program

• Wellness Days

  401k Plan

• Basic and Supplemental Life Insurance

• Short Term & Long Term Disability

• Critical Illness, Critical Hospital, and Voluntary Accident Insurance

• Tuition Reimbursement (available 6 months after start date, capped)

• Paid Time Off (accrued and prorated, maximum of 120 hours annually)

• Paid Holidays

• Any other statutory leaves, paid time, or other ancillary benefits required under state and federal law