Information Security Engineer

Position Summary:

• This position will focus on security deliverables for the STARS project. If this position is not filled, ADOR InfoSec will be behind in operations, and compliance, and will not be able to support all non-STARS-related projects.
• The STARS Information Security Engineer will support the planning, design, engineering, upgrading, and monitoring of security protocols and systems for the protection of the organization's computer applications, infrastructure, networks, and data.

Responsibilities:

• Perform system security assessments as required per state and federal law. Understand State and Federal security requirements for the project scope, preferably with prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT privacy and regulatory compliance.
• Manage and organize the Plan of Action and Milestones for STARS. Create, monitor, and update security findings and associated metrics for STARS. Assess, engineer, and recommend solutions for security and technical teams on STARS.
• Collaborates and partners with internal and external technical teams. Performs risk assessments, audits, and tests to ensure the proper functioning of data processing activities and security measures.
• Collaborates with analysts, engineers, and architects to improve security team processes using AMS principles. Collaborates with users to discuss computer data access needs, identify security threats and violations, and identify and recommend needed programming or process changes.
• Reviews project documentation and attends project meetings to ensure continuity and support of design and operations.
• Safeguards system security and improves overall server and network efficiency by training users and promoting security awareness.
• Develops and implements plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs. Reviews violations of security procedures; provides training to ensure violations do not recur.
• Reviews security policies, standards, and procedures and recommends changes based on current trends and needs. Identify opportunities to automate various privacy and data protection compliance activities to reduce the overall cost of compliance. Performs other related duties as assigned.

Skills Required:

• Ability to collaborate, coordinate, and effectively communicate which is essential to drive work without direct authority.
• Technically proficient, with an understanding of emerging technologies and security engineering frameworks and practices.
• Demonstrated problem-solving and analytical skills.
• Proficient, or able to gain rapid proficiency with a broad array of security software applications and tools. Understanding and experience with computer-related security systems including firewalls, encryption, password protection, authentication, and authorization, preferably with modern protocols and frameworks.
• Experience with DevSecOps, preferably in public cloud AWS and Azure environments.
• Excellent verbal and written communication skills. Organized with attention to detail. Security or risk certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), and/or CIPP (Certified Information Privacy Professional) certifications are a plus.
• Experience working with products in the following categories Enterprise password and key vaults Vulnerability scanning and management SIEM PKI Open Source Vulnerability detection and remediation Continuous, automated security validation in software development CI/CD pipelines.

Experience Required: At least four years of experience in computer information systems with a specialization in security engineering preferred.

Education Required:

• Bachelor's degree in Computer Science, Programming, or a related field is required.
• M.B.A. in Information Systems preferred.