Security Engineer

REPORTS TO:                    Director of Technology Services

STATUS/HOURS:              Full time, 12 months/year, minimum 40 hours/week.  Schedule may vary according to departmental and Academy needs.

*THIS IS NOT A FULLY REMOTE POSITION AND WILL REQUIRE DAYS IN THE OFFICE*

Pay Group

Type

Status

Fiscal Year Weeks

Class

Department

 Location

SemiMo.(Salaried)

Regular

Full-Time

   Full year (52 weeks)

Staff

Information Technology

Hybrid

Position Purpose

Responsible for continued development, monitoring and support of the Academy’s information security program. This includes leading in the planning, deployment, and support of a variety of security policies, concepts and technologies, regulatory compliance auditing, end user education programs and technology-based fraud and cybercrime prevention.

Job Responsibilities

Security Engineer Role Expectations

• Develop and maintain IT Security and Compliance Policy Framework
  • Clearly defines systemic risks and potential impacts along with the probability of an event caused by the defined risk. Recommend acceptable risk levels to assist in decision-making.
  • Develop and maintain relationships with business and IT leaders, developers, architects and other stakeholders to support and facilitate risk management enhancements.
  • Develops written responses to security audit findings, prepares project plan with IT colleagues to prioritize and resolve findings, follows up on and participates in resulting action items.
  • Maintains up-to-date knowledge of all regulatory compliance requirements with which the Academy must comply.
  • Reviews policies and procedures annually for simplicity, accuracy and completeness.
• Develop and maintain IT Security Requirements for critical systems
  • Define requirements for operating system, third party software and internally developed application builds, patching and vulnerability scanning.
  • Define and maintain requirements for additional technologies related to:
    • anti-virus/anti-malware
    • data loss prevention
    • device encryption
    • mobile device management
    • proxy/web content filtering
    • user account management
    • other security-related technologies, as required
  • Recommends and Assists in Implementing IT Security Controls and Systems
    • Review configuration of security-related devices and applications, including but not limited to CrowdStrike EDR/XDR, firewall, proxy, JAMF, Kace SMA and Active Directory GPO configurations.
  • Proactively meets with Department leaders on security matters and associated process improvements.
  • Lead Incident Response for Security and Privacy incidents
    • Create and maintain playbooks for anticipated attacks.
    • Plan and execute incident simulations and resulting process improvement.
    • Lead incident response for ongoing incidents in collaboration with the IT Director.
  • Audit Internal Systems and assist in 3rd Party Audits
    • Create Tableau or SIEM dashboards for critical system risks, providing a clear status for each:
      • EDR/XDR
      • data loss prevention
      • device encryption
      • mobile device management
      • user account management
      • proxy/web content filtering
      • system and application vulnerability scanning and patching
      • other security-related technologies, as required
    • Perform Security and Compliance reviews of all Academy systems prior to their adoption.
    • Updates the risk reports for any corrective actions required.
  • Develop and maintain IT Security Training Program with the Academy, including Parents and Alumni
    • Develops overall IT Security Training requirements document, outlining goals and strategies for achieving those goals.
    • Leads the effort to provide user training both in-person and via our online training partners, matching the training to job requirements (e.g. PCI training for Finance, IA and Investments)
    • Champion on-going security awareness efforts outside of training classes, creating an IT Security track for the ‘See Something, Say Something’ awareness program created by Campus Safety.
    • Presents information on our security program at Faculty meetings, Staff meetings and Student Assemblies, as necessary.
  • Demonstrate Leadership and Respect
    • Models the behaviors that we expect from our ITS team, including listening actively, seeking to understand before being understood, speaking reflectively, and exhibiting patience, thoughtfulness and respect for our colleagues in all interactions.

Knowledge, Skills and Competencies

• Respect for diversity of identities and experiences, an orientation toward equity and inclusion, and cultural competency in all aspects of Academy life.
• Ability to work independently and handle multiple priorities and deadlines simultaneously.
• High degree of organizational skills with the ability to be flexible and multi-task with accuracy.
• Ability to build and leverage effective relationships and influence decisions and behaviors through partnering.
• Excellent communication (written and verbal) skills.

Direct/Indirect Reports

None.

Position Requirements

Education

• Bachelor’s degree required, Information Technology or Information Security specialization preferred.
• CISSP or equivalent certification preferred

Experience

• Minimum 3 years of experience working with multiple security technologies, including IDS/IPS, syslog Analysis (Windows, Web Servers, CheckPoint and Fortinet NextGen Firewalls, AV, etc.), Network and User Behavior Analysis tools, and Network Monitoring tools
• Proven analytical and problem-solving skills.
• Demonstrated ability to manage multiple priorities.
• Strong understanding of regulatory compliance for PCI, HIPAA and GDPR preferred.
• Experience in an educational setting preferred.

Additional Requirements

1. Successfully complete a criminal background check (reviewed every 5 years).