Information Security Engineer
About the role
The Information Security Engineer is responsible for enhancing and maintaining the security that protects Jefferson County’s data, systems, and networks. Provide expert recommendations and hands-on guidance, while influencing and collaborating with operational IT teams, law enforcement agencies, and external security organizations to foster a culture adhering to the Confidentiality, Integrity, and Availability principles of information security.
Responsibilities
- Performs all duties of a cybersecurity analyst: Provides cybersecurity support, identification, analysis, issue resolution, and implementation and integration of cybersecurity solutions
- Maintains security technologies and promotes security awareness
- Designs and implements security solutions, mitigates cybersecurity threats, and ensures compliance with government security policies and regulations
- Collaborates with senior security team members on various projects
- Serves as a primary escalation point during incidents, aiding in mitigation and containment, and offering strategic insight and recommendations to strengthen incident response protocols and prevent reoccurrence
- Researches, designs, and implements cyber security solutions for organization systems and products that comply with all applicable security policies, standards, and regulations
- Supports software development teams to ensure secure coding practices are followed
- Assists with user access management and account provisioning
- Analyzes and makes recommendations to improve network, system, and application architectures
- Examines network, server, and application logs to determine trends and identify security incidents
- Responds to audits, penetration tests, and vulnerability assessments
- Mentors and provides guidance to junior team members
- Researches emerging security technologies, threats, vulnerabilities, regulatory changes, and industry trends and best practices to ensure compliance and proactive security measures
Requirements
- At least three (3) years of professional, hands-on experience designing, implementing, supporting, or securing IT systems, networks, applications, or cloud environments
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
- OSCP, OSEP, GIAC CSEC, CISSP, CISM, CIPM or equivalent preferred
Qualifications
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
- Strong problem-solving and trouble-shooting skills
- Day-to-day general management of cybersecurity
- Strong customer service skills in various formats and settings
- Professional verbal and written communication in presentations, written communication, and oral discussion
- Ability to clearly communicate complex technical concepts to both technical and non-technical audiences and adjust communication from executives to end users
- Exceptional interpersonal skills with the ability to collaborate effectively with other team members of different backgrounds and levels of experience
- Possess a growth mindset and ability to consistently demonstrate a positive demeanor, good attitude and behavior in the workplace
- Self-motivated and possessing of a high sense of urgency and personal integrity
Skills
- Broad operating system knowledge, Windows (workstation and Server), Linux, mobile operating systems
- Strong security knowledge to include firewall, IDS/IPS, web server security, wireless security, cloud, OT, and cryptography
- Experience designing, implementing, integrating, and maintaining enterprise cybersecurity technologies, including Active EDR, SIEM, database security, and vulnerability management
- Proficiency in at least one scripting language (e.g. Python, PowerShell) for automation and security monitoring
- Experience designing, implementing, and maintaining security automation solutions using scripting, APIs, workflow automation, and orchestration tools to improve operational efficiency and strengthen cybersecurity operations
- Understanding of cybersecurity frameworks and standards such as NIST, CIS, and ISO 27001
- Familiarity with compliance regulations relevant to government entities (CJIS, HIPAA, PCI, PII)
- Strong knowledge of ITIL or equivalent methodology
Benefits
Jefferson County offers a generous benefits package that supports your personal and professional life. Benefits include medical, dental, and vision insurance; paid time off and holidays, including a starting bank of 40 hours of PTO for new hires; retirement matching; wellness programs; tuition reimbursement; flexible schedules; remote work options; and more.
Pay
Hiring Range: $118,000 - $122,000 USD Annually
Schedule
This position operates on a hybrid schedule of 40 hours per week. The role is primarily remote, with one scheduled in-office day per week and additional on-site work as needed.