Apply on Employer Site

Wake County · 9 hours ago

IT Security Engineer - Hybrid - 90% Remote

Raleigh, NC

Full-time

Hybrid

Mid Level

$89K/yr - $161K/yr

3+ years exp

Wake County is seeking an IT Security Engineer to enhance their information technology and security engineering efforts. The role involves designing, implementing, and maintaining security controls and platforms, while collaborating with IT and business teams to manage security risks and ensure compliance with regulations.

GovernmentHealth CareLaw EnforcementOffice Administration

Responsibilities

Design, implement, administer and maintain enterprise information security platforms and solutions

Monitoring potential security incidents and events

Vulnerability and threat assessment and remediation

Threat intelligence operationalization

Security platform assessment and selection

Security awareness and training

Security consulting for internal teams and departments regarding appropriate applications, configurations, policies, and controls

Develop, document and test organizational incident response plans, disaster recovery plans and business continuity plans

Manage complex security incidents, including coordination with internal and external resources

Maintain defensible evidence

Manage and conduct internal and external audits and assessments

Manage vendor and third-party risk, including ongoing assessments and remediation plans

Develop, implement and manage security and risk policies, procedures, standards and guidelines

Design, implement and assess security controls to meet industry best practices and legal and regulatory requirements

Perform security incident and threat management, including monitoring security events, identifying abnormal/malicious behavior, investigating, triaging and remediating security incidents

Plan, coordinate, implement and support information security measures and platforms to protect data, software and hardware

Perform information security risk assessments, including service specific risk assessments, networks and systems, data security, network infrastructure and reporting on security status and incidents

Develop and maintain complete security documentation related to security design, implementation, processes and practices

Provide consultation to business units and technology teams on security best practices and ongoing requirements

Qualification

Security OperationsIncident ResponseGovernanceRiskComplianceCISSP CertificationVulnerability AssessmentDisaster Recovery PlanningProblem SolvingCommunication SkillsOrganizational SkillsTeam Player

Required

Bachelors degree in Computer Science, Information Systems, Computer Engineering or a related field

Three years of experience in security design and administration

Equivalent education and experience are accepted

Please include ALL prior work experience on your application and resume

Meticulous attention to detail

Outstanding problem-solving skills

Ability to work comfortably under pressure

Ability to deliver on tight deadlines and in accordance with legal and regulatory requirements

Perform security incident and threat management, including monitoring security events, identifying abnormal/malicious behavior, investigating, triaging and remediating security incidents

Plan, coordinate, implement and support information security measures and platforms to protect data, software and hardware

Perform information security risk assessments, including service specific risk assessments, networks and systems, data security, network infrastructure and reporting on security status and incidents

Develop and maintain complete security documentation related to security design, implementation, processes and practices

Provide consultation to business units and technology teams on security best practices and ongoing requirements

Preferred

Active Certified Information Systems Security Professional (CISSP), Security+, or equivalent security certifications are preferred

Experience implementing security controls governed by legal and regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI)

Experience administering, maintaining and troubleshooting enterprise security platforms, including but not limited to firewalls, intrusion detection/prevention, web filtering, vulnerability management, endpoint protection, email protection and encryption

Experience defining security standards and incident response plans to detect, respond and recover from security incidents, including analyzing incident related data and implementing containment and eradication strategies

Experience performing vulnerability assessments and penetration testing and defining effective remediation plans

Experience developing, implementing and testing business continuity and disaster recovery plans

Advanced knowledge and understanding of information security architecture, technologies, best practices and controls

In depth knowledge of common Information Security frameworks and standards and compliance and regulations such as ISO 27001/27002, NIST, PCI-DSS, HITRUST, HIPAA, HITECH

Solid organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices and approaching any problem as team-player with a can-do attitude

Ability to manage time and prioritize the most important tasks within a given time period

Detail oriented with excellent problem solving, analytical, communication and organization skills

Desire to maintain up-to-date knowledge of developments in security technology, trends and issues