Information Security Engineer I, II, III, Senior

Overview Reports to: Information Security Architect Supervisor Functions Supervised: None Primary Functions: Provide security engineering support via network security implementation, analysis, testing, and monitoring. Duties and Responsibilities: Implementing, testing, managing, monitoring, and upgrading security solutions for the protection of the organization's data, systems, and networks. Assist in the development of best practices policies, programs, procedures, and security standards for the organization. Serve as escalation point for Information Security Analysts. Analyze and correlate security events and implement countermeasures to mitigate against intrusion attacks. Provide information security support in the design, integration, deployment, and troubleshooting of enterprise information solutions. Collaborate with engineering teams to analyze security needs/requirements and assist in developing/implementing security standards/technical solutions. Research and identify ethical hacking, intrusion detection/prevention technologies, secure coding practices, and threat modeling. Implement secure network architectures, virtualization technologies, identity and access management principles, application security, encryption technologies, DNS, SOA, and web applications. Provide security engineering recommendations and assist with planning and implementation of long-term projects. Troubleshoot complex multi-network firewall policy issues. Understand incident response methodologies and assist with coordinating security incidents. Maintain knowledge of Offensive Security, TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, and encryption. Decode and understand traffic flow using packet level traces (skilled with TCPDUMP, PCAPs, traffic generators, etc.). Identify and reproduce common network and website attacks such as SQL injection, cross-site scripting, remote file inclusion, and cookie manipulation. Maintain a working knowledge of authentication, session management, requests, and form submission processes. Maintain a working knowledge of server-grade applications including Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, and SQL. Perform IDS/IPS real-time monitoring analysis and/or network forensics. Maintain a working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, NCUA, and industry standards. Serve on-call as scheduled. Other duties as assigned. Qualifications Education: Bachelor's degree in Computer Science, Information Technology, or related field. Creditable Experience in Lieu of Education: Two to four years' experience equivalent in technical training, certifications, and/or work experience. Experience/Skills: One of the following industry security certifications is desirable: Certified Information Systems Auditor, Certified Information System Security Professional, Certified Ethical Hacker, any Level 5 GIAC Certification, Offensive Security Certified Professional, or other advanced-level certification. Detailed knowledge of offensive security attack vectors, including Phishing, privilege escalation, buffer overflow, and lateral movement. Two to four years demonstrable experience managing and implementing enterprise security solutions. A minimum of two to four years of experience with holistic security engineering, including firewalls, IDS/IPS, endpoint solutions, proxy servers, web application firewalls, security incident or event management systems, data loss prevention, routers, switches, subnets, and VLANs. Requires knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP) and communication protocols in LAN/WAN deployments. Demonstrated ability to manage and coordinate multiple time-sensitive activities. Excellent verbal and written communication, organizational, and interpersonal skills required. Tenure: Assignment to the Information Security Engineer I category 09, Information Security Engineer II category 08, Information Security Engineer III category 07, or Senior Information Security Engineer category 06 will be determined by the candidate's education or experience. Advancement requires management recommendation and will be based on the candidate's certifications and/or performance. Compensation Salary Pay Range: Information Security Engineer I (Category 09): $69,557 - $112,677 annually Information Security Engineer II (Category 08): $79,989 - $132,798 annually Information Security Engineer III (Category 07): $90,389 - $152,718 annually Senior Information Security Engineer (Category 06): $100,331 - $172,572 annually Starting base salary will be determined based on candidate experience, qualifications, education, and local or state wage requirements, if applicable, and will fall within the range provided above. In accordance with our Salary Administration policy, new hire base salaries generally fall within the minimum to midpoint of the listed range. Benefits Short-term and long-term incentives Comprehensive medical, dental, and vision insurance plan that has HSA and FSA options 401(k) plan with a 5% match Employee Assistance Program (EAP) Life and disability coverage Voluntary cash benefits for accident, hospitalization, and critical illness Tuition Reimbursement Generous leave programs including Paid Time Off accrual, Paid Sick Leave, and Paid Holidays Equal Opportunity Employer #J-18808-Ljbffr

Created: 2025-03-01