IT Security Engineer I-III

IT Security Engineer

The IT Security Engineer will evaluate and oversee data security risks, develop security measures to safeguard information and data, and provide best practices and oversight for application security standards and best practices. The IT Security Engineer analyzes software designs and implementations from a security perspective, and identify and resolve security issues. The incumbent will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software. The IT Security Engineer acts as a project lead and as a subject matter expert for IT Security tools and processes.

Shift Information: General Monday - Friday shift with some flexibility, this may include work outside normal assigned hours in the event of serious systems problems or on-call scheduling.

Benefits: Low-cost medical, dental, and vision insurance PERSI retirement (fixed monthly income in retirement) Matching deferred compensation plan; optional 401(k) and Roth IRA Eleven (11) paid holidays; paid vacation, sick, and parental leave Free basic life, accidental death, and short-term disability insurance Wellness program Visit adacounty.id.gov/Human-Resources/Employee-Benefits to view details regarding our full benefits package.

Distinguishing Features Of The Class:

The IT Security Engineer I assignments are well defined and of limited scope and technical complexity, using standard procedures and techniques. Guidance is readily available from other team members or management. Schedules, milestones, and priorities are usually provided by management. The IT Security Engineer II assignments are well defined and of moderate scope and technical complexity, where technical supervision provides an outline of the tasks to be performed and suggestions as to methods of approach and procedure to be followed. Guidance is readily available from other team members or management. Consults with team leader and/or management to develop schedules, milestones, and priorities. The IT Security Engineer III Assignments are of a complex nature and require technical sophistication, including the generation and use of new techniques. Guidance is given in the form of general instructions on new assignments. Ensures that schedules, milestones, and priorities are compatible with other department goals and projects. May act as a team or project leader on smaller projects.

Essential Functions:

IT Security Engineer I

• Perform level 1 application security functions;
• Design, implement and manage security tools and systems (IDS, IPS, VPN, WAF, DLP, Anti-Virus, Anti-Malware, honeypots, SEIM, Vulnerability Scanners, Web Proxies, Forensic toolkits, MFA, key management) in a heterogeneous computing environment that spans multiple physical and virtual data centers;
• Install, configure and maintain security controls such as intrusion detection systems, packet capture devices, data loss prevention tools, and other commercial off the shelf and open source security tools;
• Enhance the security posture of internal infrastructure and client-facing systems;
• Perform risk assessments, vulnerability management, penetration testing and patch management for Unix/Linux, Mac, Windows systems and web applications;
• Understanding of attack vectors, exploits, and hacking tools;
• Detect, investigate and recover from security incidents as well as assisting with incident response plans;
• Responsible for raising company-wide security awareness and monitoring information security related web sites and newsletters to stay up to date on current attacks and trends;
• Assist the Security Engineering Team with evaluation of new and emerging security tools and technologies;
• Maintain technical documentation;
• Consult team members on secure coding practices;
• Administer network and computing devices/systems that enforce security policies and audit controls in Windows and Unix based environment;
• Perform network traffic inspections, network traffic monitoring, and log analysis;
• Recommend the application of fixes, patches, and recovery procedures in the event of a security incident;
• Recommend software tools and/or other solutions for technical challenges involving IT Security processes.

IT Security Engineer II

• In addition to the above;
• Management of all technical security equipment, including IDS/IPS devices, Data Loss Prevention equipment, web content filtering equipment, SEIM;
• Responding to alerts and investigating potential security incidents;
• Ensure that daily compliance tasks are completed in a timely fashion and tracked in the appropriate ticketing system;
• Perform access certifications and other identity and access management related tasks;
• Work closely with developmental operations and software engineering to proactively identify and fix security flaws and vulnerabilities;
• Knowledge in compliance procedures and protocols for Internal audit;
• Troubleshoot and repair issues with operating systems and security applications;
• Perform on-going security testing and code review to improve software security;
• Provide engineering designs for new software solutions to help mitigate security vulnerabilities;
• Design, implement and maintain networking equipment including but not limited to Firewalls, Switches, Routers, etc.;
• Automate routine day-to-day tasks to reduce operational overhead;
• Create reports from various IT Security systems for the purpose of monitoring critical activities and providing security metrics to IT security management;
• Coordinate external assessment teams to complete audit and security assessments.

IT Security Engineer III

• In addition to above;
• Conducts monthly security risk assessment meetings with the IT Operations team;
• Provide technical expertise and guidance for security tools that control and monitor information security;
• Design architecture to include the software, hardware, and communications to support the total requirements as well as provide for present and future cross-functional requirements and interfaces;
• Responsible for developing high level system design diagrams;
• Ensures these systems are compatible and in compliance with the standards for open systems architectures, the Open Systems Interconnection (OSI) and International Standards Organization (ISO) reference models, and profiles of standards - such as Institute of Electrical and Electronic Engineers (IEEE) Open Systems Environment (OSE) reference model - as they apply to the implementation and specification of Information Management (IM) solution of the application platform, across the application program interface (API), and the external environment/software application;
• Evaluates analytically and systematically problems of work flows, organization and planning and develops appropriate corrective action;
• Assess and review current technology infrastructure to identify key risk areas, and ensure adequate levels of controls are in place to address those risks;
• Conduct vendor risk assessments of critical vendors annually including questionnaires, follow up calls, creating assessment reports and remediation of findings.

Job Requirements:

IT Security Engineer I

• Bachelor's degree from an accredited university in Computer Science or related field or equivalent combination of education and experience;
• Minimum of ten (10) years of experience in Information Technology;
• Minimum of three (3) years of experience in IT Security or Networking is required;
• Minimum of two (2) years of experience in scripting and automation is required;
• Experience in networking and scripting/automation is preferred;
• At least one professional certification required [Security +, OSCP, CISSP, CISM, GIAC, CISA, CCNP];
• Using enterprise vulnerability scanning tools;
• Familiarity with penetration testing techniques, tools, methodologies;
• Good understanding of network protocols and ability to perform network traffic analysis and packet inspection;
• Understanding of DDoS mitigation, and intrusion detection and preventions systems;
• Public and private cloud technologies;
• Understanding of DevOps, CI/CD, and up and coming mechanisms for automation;
• Well versed in at least one leading scripting language: Python, Ruby, Perl, bash;
• Familiarity with Agile or other Software Development Lifecycle;
• Familiarity with Object-Oriented programming (languages such as C++, Java);
• Operating systems;
• Cryptographic solutions for data at rest, in transit, in use (SSL, PKI, IPSec, x509);
• Standards and Frameworks (NIST, ISO, PCI, SOX, PII, etc.).

IT Security Engineer II

• In addition to the above;
• Minimum of twelve (12) years of experience in Information Technology;