IT Security Engineer - Hybrid - 90% Remote

IT Security Engineer

Bring your passion for information technology and security engineering to a role where it truly makes an impact. As the IT Security Engineer, you will be responsible for designing, implementing and maintaining security controls and platforms that protect the organization's information systems, networks and data. This role will work closely with IT and business teams to identify security risks, respond to incidents and ensure compliance with internal policies and regulatory requirements.

Candidates must have meticulous attention to detail, outstanding problem-solving skills, with the ability to work comfortably under pressure and be able to deliver on tight deadlines and in accordance with legal and regulatory requirements.

The ideal candidate will have extensive hands-on experience in at least two of the following key areas:

Security Operations

• Design, implement, administer and maintain enterprise information security platforms and solutions
• Monitoring potential security incidents and events
• Vulnerability and threat assessment and remediation
• Threat intelligence operationalization
• Security platform assessment and selection
• Security awareness and training
• Security consulting for internal teams and departments regarding appropriate applications, configurations, policies, and controls

Incident Response

• Develop, document and test organizational incident response plans, disaster recovery plans and business continuity plans
• Manage complex security incidents, including coordination with internal and external resources
• Maintain defensible evidence

Governance, Risk and Compliance

• Manage and conduct internal and external audits and assessments
• Manage vendor and third-party risk, including ongoing assessments and remediation plans
• Develop, implement and manage security and risk policies, procedures, standards and guidelines
• Design, implement and assess security controls to meet industry best practices and legal and regulatory requirements

Essential Functions:

• Perform security incident and threat management, including monitoring security events, identifying abnormal/malicious behavior, investigating, triaging and remediating security incidents
• Plan, coordinate, implement and support information security measures and platforms to protect data, software and hardware
• Perform information security risk assessments, including service specific risk assessments, networks and systems, data security, network infrastructure and reporting on security status and incidents
• Develop and maintain complete security documentation related to security design, implementation, processes and practices
• Provide consultation to business units and technology teams on security best practices and ongoing requirements

Note: This position is subject to 24-hour on-call rotation requirements and must be able to be onsite within 1 hour.

About Our Team

Wake County Information Technology is in the heart of Raleigh's booming downtown, a part of the Research Triangle area. If you're a tech-guru, this is the place to be. Our team of smart, dedicated people is respected within our organization and recognized as leaders in the use of technology by the prestigious Center for Digital Government, regularly ranking in the top ten among counties with a population for 1 million or more. Our team members are our most valued asset and treated as such with competitive salaries and top-notch benefits. We believe a good work/life balance helps people make better decisions, be more creative and enjoy coming to work. If you thrive in a highly collaborative, fast-paced, supportive environment, then you owe it to yourself to check us out.

The Basics (Required Education and Experience)

• Bachelors degree in Computer Science, Information Systems, Computer Engineering or a related field.
• Three years of experience in security design and administration.
• Equivalent education and experience are accepted

• Please include ALL prior work experience on your application and resume.

Beyond the Basics (Preferred Education and Experience)

• Active Certified Information Systems Security Professional (CISSP), Security+, or equivalent security certifications are preferred
• Experience implementing security controls governed by legal and regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI)
• Experience administering, maintaining and troubleshooting enterprise security platforms, including but not limited to firewalls, intrusion detection/prevention, web filtering, vulnerability management, endpoint protection, email protection and encryption
• Experience defining security standards and incident response plans to detect, respond and recover from security incidents, including analyzing incident related data and implementing containment and eradication strategies
• Experience performing vulnerability assessments and penetration testing and defining effective remediation plans
• Experience developing, implementing and testing business continuity and disaster recovery plans

How Will We Know You're 'The One'?

• Advanced knowledge and understanding of information security architecture, technologies, best practices and controls
• In depth knowledge of common Information Security frameworks and standards and compliance and regulations such as ISO 27001/27002, NIST, PCI-DSS, HITRUST, HIPAA, HITECH
• Solid organizational skills with the ability to thrive in a sense-of-urgency environment, leveraging best practices and approaching any problem as team-player with a can-do attitude
• Ability to manage time and prioritize the most important tasks within a given time period
• Detail oriented with excellent problem solving, analytical, communication and organization skills
• Desire to maintain up-to-date knowledge of developments in security technology, trends and issues