Participates in the workstream planning process, including inception, technical design, development, testing and delivery of security solutions;
Collaborates closely with infrastructure, architecture and application teams to design security solutions that incorporate present and future views of security;
Leads the design and implementation of security solutions for intrusion detection and notification, security auditing, alerting, and response, virus detection and removal, password complexity enforcement, and media protection;
Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment;
Collaborates with IT Security Architects on optimization of the security footprint (tools enhancement, hardware improvements, new software tools, etc.);
Troubleshoots, diagnoses and resolves high severity security issues or problems escalated by senior leadership;
Collaborates in the development of security implementation requirements, acceptance criteria, and assists in generating statements of work (SOWs);
Participates in discussions with the architecture team around security standards and practices;
Communicates with and influences other engineers, managers and business/clinical teams to ensure that policies and procedures regarding use of security products, techniques, and patterns are followed;
Directs efforts to identify discrepancies resulting from security audits, develops plans for corrective action, and tracks actions to closure;
Recommends security products by researching needs and evaluating the corporate standards list;
Reviews security information system schematics, diagrams, and other program documentation to assist with development and preparation of cost estimates;
Designs and implements security solutions for intrusion detection and notification, security auditing, alerting, and response, virus detection and removal, password complexity enforcement, and media protection;
Performs capacity and future growth planning of the enterprise security infrastructure to ensure a highly available security environment;
Analyzes and reports on key security metrics and Key Performance Indicators (KPIs);
Certifies the security functionality of network components and services within the release;
Implements security solutions for intrusion detection and notification, security auditing, alerting, and response, virus detection and removal, password complexity enforcement, and media protection;
Reviews audit trails to detect potential security violations;
Verifies security systems by developing and implementing test scripts and running security scans;
Validates baseline security configurations for operating systems, applications, networking and telecommunications equipment;
Maximizes security footprint by monitoring security tools, troubleshooting escalated security problems and incidents, scheduling security upgrades, identifying security gaps, and evaluating and implementing enhancements;
Troubleshoots, diagnoses, and resolves problems; keeps customers informed about network security problems and resolutions;
Communicates status and documents problems and resolutions for future reference;
Evaluates vendor solutions to ensure compliance with requirements and cost-effectiveness;
Maintains enterprise IT standards across network security;
Responsible for managing Tier 2 and Tier 3 incident response;
Reviews privileges and permissions of users;
May be assigned as a Disaster Service Worker, as required;
Performs other related duties.
Requirements:
Possession of a Bachelor's Degree from an accredited college in Computer Science, Information Systems or other related field;
and
Nine (9) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and/or systems administration, with at least three (3) years of experience at a level comparable to the County's IT Security Engineer classification. Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is required.
OR
Training and experience equivalent to the possession of a Bachelor's degree. Relevant analytical, administrative, lead, supervisory or management experience that includes interpreting rules and regulations, gathering data and formulating recommendations, and report writing can substitute for education on a year-for-year basis;
and
Eleven (11) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and/or systems administration, with at least three (3) years of experience at a level comparable to the County's IT Security Engineer classification. Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc. is required.