Under general supervision, assists in analyzing, planning, implementing, maintaining, troubleshooting and enhancing large complex systems or networks consisting of a combination that may include mainframes, mini-computers, personal computers, mobile devices, LANS, WANs, servers, data storage and the physical and logical components that integrate these systems together as an enterprise networking backbone.
The 1043 Senior Security Engineer is the advanced journey level in the Engineer series. The class is distinguished from the journey level by the complexity and size of the tasks, projects or duties assigned. It is also distinguished from the Journey level by the amount of discretion exercised over technical issues, problems and resolutions, and that it possesses a significant level of specialized technical and functional expertise beyond that expected at the Journey level. This level is distinguished from the Principal level in that Senior level exercises no or limited supervisory responsibilities or the lower technical leadership displayed. Positions at this level require highly specialized knowledge, abilities, skills and experience and often exercise independent judgement in the performance of their duties. The Senior level formulates recommendations consistent with directives, policies, standards and regulations. Work is judged primarily on overall results with great latitude in determining work methods and assignment requirements. The Senior has greater authority over assignments and decisions required to complete the work than lower level classifications. Serves as a senior technical architect and systems integrator for large complex systems or networks, with a focus on securing vulnerabilities and reducing risk of system and/or asset compromises.
- Architects, designs, implements, maintains and operates information system security controls and countermeasures.
- Analyzes and recommends security controls and procedures in acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
- Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
- Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
- Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
- Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
- Analyzes trends, news and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
- Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
- Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
Back to Security Engineer