Information Security Engineer

The Vermont State Colleges System is looking for an IT Security Engineer to join the Information Technology team. They are responsible for designing, implementing, and maintaining security measures to protect the Vermont State College System's critical infrastructure, data, and applications. This role works closely with members of IT and other departments to ensure compliance with security best practices, policies, and procedures.  This is a great opportunity to lead a critical role and help set security strategy for the organization. 

Information Security Engineer                                                            GRADE:  14 

BARGAINING UNIT                                                                                   EXEMPT 

BASIC FUNCTION

The IT Security Engineer is responsible for designing, implementing, and maintaining security measures to protect the Vermont State College System's critical infrastructure, data, and applications. This role works closely with members of IT and other departments to ensure compliance with security best practices, policies, and procedures.  This is a great opportunity to lead a critical role and help set security strategy for the organization.

ESSENTIAL DUTIES & RESPONSIBILITIES

Security Design & Architecture

• Design enterprise security architectures, including zero trust frameworks, secure network segmentation, and identity-centric controls.
• Develop and monitor secure baselines for systems, cloud environments, and applications.
• Evaluate and recommend security technologies (e.g., SASE, ZTNA, micro-segmentation) to enhance the system’s security posture.

Network & Infrastructure Security

• Work closely with the network team to architect and deploy secure network solutions, including firewalls, VPNs, IDS/IPS, and network access control (NAC).
• Conduct security reviews of network configurations, ensuring compliance with best practices (e.g., CIS Benchmarks, NIST guidelines).

Vulnerability & Risk Management

• Lead vulnerability assessments, threat hunting, and modeling exercises.
• Develop remediation strategies for identified risks and work with IT teams to prioritize fixes.
• Automate security testing and vulnerability scanning processes where possible.

Incident Response & Threat Mitigation

• Serve as a technical escalation point for security incidents, assisting with forensic analysis and containment.
• Assist in the development of incident response playbooks for emerging threats.
• Monitor, assess and respond/communicate appropriately to threat intelligence.

Compliance & Governance

• Ensure compliance with regulatory requirements (e.g., FERPA, NIST CSF, PCI DSS if applicable).
• Assist in security policy development and enforcement.
• Assist with security awareness training and third-party security reviews.

SUPERVISION RECEIVED

Reports directly to the Director of Infrastructure and Information Security

SUPERVISION EXERCISED

No direct supervision of staff

MINIMUM QUALIFICATIONS

•  Bachelor’s degree in Information Technology, Cybersecurity, or related field or a combination of education and equivalent work experience.
•  At least 5 years of technical IT experience, including:
  •  Windows Server, Active Directory, and Linux/macOS administration.
  •  Networking fundamentals (TCP/IP, DNS, VLANs, NAC).
•  Familiarity with security frameworks and standards (e.g., NIST CSF 2.0, NIST 800-53, 800-171, ISO 27001).

PREFERRED QUALIFICATIONS

•  At least 3 years of experience in a cybersecurity role (e.g., Security Engineer, Analyst) with hands-on exposure to:
  •  Security tools (EDR, SIEM, firewalls, vulnerability scanners).
  •  Incident response or threat mitigation.
•  Experience as a security engineer or architect
•  CISSP, CompTIA Security+, or similar certification (or willingness to obtain).
• Experience in an educational setting. 
• Mac and Linux experience

KNOWLEDGE, SKILLS, & ABILITIES

•  Strong interpersonal skills with the ability to collaborate across technical and non-technical teams.
• Experience working with interdisciplinary groups 
• Good written and verbal communication skills with the ability to engage with a variety of audiences

Location: This position may be based on any of the Vermont State College’s centers or campuses. Some remote work possible.

Physical Requirements: Duties performed cause slight fatigue of eyes, fingers, or other faculties as a result of repetitive motion and/or long periods of standing or sitting. Duties require little physical effort in work with light to moderate (up to 25lbs) easy-to-handle materials. Duties will occasionally require the climbing of ladders.

Working Conditions: Job is performed in a general office or comparable working area with many and frequent distractions such as noise and interruptions. Work schedule may vary during high volume periods. 

This general outline illustrates the type of work which characterizes the job classification. It is not an all-encompassing statement of the specific duties, responsibilities and qualifications of individual positions assigned to the classification. 

VSCS values individual differences that can be engaged in the service of learning. Diverse experiences from people of varied backgrounds inform and enrich our community. VSCS welcomes all qualified applications, including those from historically marginalized and underrepresented populations. VSCS is an equal opportunity employer, in compliance with ADA requirements, and will make reasonable accommodations for the known disability of an otherwise qualified applicant. Please contact Human Resources for assistance with accommodations at CCVHR@ccv.edu. 

All new full-time employees and certain part-time employees will be subject to a criminal background check. Any offer of employment is contingent upon the satisfactory results of this check. 

Application Instructions:
In order to be considered, please submit a complete application package which includes a cover letter, resume/CV, employment application and contact information for three professional references at: www.vsc.edu/employee-resources/job-postings.