Under general supervision, assists in analyzing, planning, implementing, maintaining, troubleshooting and enhancing large complex systems or networks consisting of a combination that may include mainframes, mini-computers, personal computers, mobile devices, LANS, WANs, servers, data storage and the physical and logical components that integrate these systems together as an enterprise networking backbone.

 

The 1042 Security Engineer is the journey level position in the Engineer series. The class is distinguished from the Senior level by the complexity of the tasks, projects or duties assigned, and is more independent than the Assistant level. This classification performs a wide range of complex analytical, design, planning, implementation, enhancement and problem resolution tasks on large complex systems and networks. Works within a framework of established procedures and interprets policies, procedures and guidelines. This level may formulate recommendations consistent with directives, policies, standards and regulations. Incumbents require only occasional instruction or assistance. Work is reviewed upon completion and for overall results. Serves as a technical architect and systems integrator for large complex systems or networks, with a focus on securing vulnerabilities and reducing risk of system and/or asset compromises.

 

Essential Duties

  1. Implements, maintains and operates information system security controls and countermeasures.
  2. Validates and assists in the implementation of security controls and procedures in acquisition, development, and change management lifecycle of information systems.
  3. Validates and assists in the implementation of security controls and procedures in business processes related to use of information systems and assets.
  4. Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
  5. Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts with third-party incident responders, including law enforcement.
  6. Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
  7. Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and coordinates third-party risk and compliance assessments.
  8. Analyzes information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
  9. Administers, or provides advice and oversight, for information security training and awareness programs.

 

Back to Security Engineer