Senior Security Engineer - Cyber Defense Professionals

Job Expired

About the job

Senior Security Engineer

Department of Assets, Information and Services-IT

Number of Positions: 6

Salary: $123,864.00

Under supervision, this is the advanced level in the class series responsible for executing the security strategy and implementing and maintaining complex security measures for the protection of computer systems, networks, and information, in accordance with security policies and guidelines, and performs related duties as required.

This class is assigned to the Engineer Information Technology Job Family which consists of engineers and developers that design, build, test, deploy, and support IT products and solutions.

The Senior Security Engineer currently has six vacancies covering five focuses. The five focuses are; Cybersecurity Operations – Security Engineering, Cybersecurity Operations – Threat Management, Cybersecurity Operations – Security Operations, Cybersecurity Support – Identity & Access Management, Operational Technology Security (two positions).

This class is distinguished from the entry-level by the amount of discretion exercised over technical issues, problems and resolutions; positions must possess a significant level of specialized technical and functional expertise beyond that expected at the entry level; require highly specialized knowledge, abilities and skills and experience and often exercise independent judgement in the performance of their duties. The senior level also has greater latitude in determining work methods and assignments; greater authority over assignments and decisions required to complete the work than the lower-level classification; and works on large complex security systems or networks.

ESSENTIAL DUTIES

Creates controls to detect potential security violations and makes recommendations to improve security
Designs and implements security solutions for detection and notification, security auditing, alerting, and response, vulnerability detection and remediation
Reviews security information system schematics, diagrams, and other program documentation to assist with development and preparation of cost estimates
Performs capacity and future growth planning of the enterprise security infrastructure to ensure a highly available security environment
Verifies security systems by developing and implementing test scripts and running security scans
Maintains and supports information security tools such as antivirus, end-point detection and response, Data Loss Prevention, vulnerability scanning tools and other security controls which safeguard and monitor events
Certifies the security functionality of components and services
Provides expertise and assistance to ensure the infrastructure and information assets are protected
Validates baseline security configurations for operating systems, applications, networking, and telecommunications equipment
Participates in 24/7 on-call rotation, Incident Response and Disaster Recovery efforts
Maximizes security footprint by monitoring security tools, troubleshooting escalated security problems and incidents, identifying security gaps, and evaluating and implementing enhancements
Provides responsive support for security problems found during normal working hours and outside normal working hours
Resolves and consults on the most complex security issues and keeps customers informed about security problems and resolutions
Analyzes reports and historical data to identify security problems and troubleshoots, diagnoses, and resolves security problems
Communicates status and documents problems and resolutions for future reference
Assists in the development of incident response, continuity and disaster recovery plans with department stakeholders and third-party service providers
Evaluates vendor solutions to ensure compliance with requirements and cost-effectiveness, working with vendors to resolve security problems and develop solutions, evaluating services provided and recommending changes
Develops and maintains enterprise IT standards across the security footprint
Track, monitors, and analyzes key cybersecurity metrics and KPIs
Recommends security products by researching needs and evaluating corporate standards list and security training programs targeting specific areas of improvement.
Managing and mentoring team members

Additional duties may be required for this position.

Location: 2 N LaSalle, Chicago, IL

Days: Monday-Friday

Hours: 9:00am-5:00pm

THIS POSITION IS IN THE SENIOR EXECUTIVE SERVICE.

Qualifications

MINIMUM QUALFICATIONS

Graduation from an accredited college or university with a Bachelor’s in Computer Science, Information Systems, Cybersecurity or a directly related field, plus four (4) years of work experience in IT and security work, system analysis, application development, systems administration, or designing and deploying security solutions; or an equivalent combination of education, training, and experience.

NOTE: To be considered for this position you must provide information about your educational background and your work experience. You must include job titles, dates of employment, and specific job duties.(If you are a current City employee, Acting Up cannot be considered.) If you fail to provide this information at the time you submit your application, it will be incomplete, and you will not be considered for this position. There are three ways to provide the information: 1) you may attach a resume; 2) you may paste a resume; or 3) you can complete the online resume fields.

NOTE: You must provide your transcripts or diploma, professional license, or training certificates at time of processing, if applicable. You must also provide your valid U.S. driver’s license at time of processing.

SELECTION REQUIREMENTS

This position requires applicants to complete an interview. The interviewed candidate(s) possessing the qualifications best suited to fulfill the responsibilities of the position will be selected.

Preference will be given to candidates possessing the following:

One or more Information Security Certifications such as: CompTIA: Security+, GIAC Certification: GCWN, GSEC, ISC2: CISSP, SSCP, CCSP, Cloud Security Alliance: CCSK
Knowledge of designing and implementing security solutions such as network technologies, network monitoring tools, web-related technologies, network/web-related protocols and security solutions supporting Operational Technologies such as Supervisory Control And Data Acquisition (SCADA), Building Controls Systems and Internet of Things (IoT) environments
Knowledge of security systems, including firewalls, intrusion detection systems, antivirus software, authentication systems, log management, content filtering, identity and access management solutions, etc.
Knowledge of database and operating system security
Previous experience in leading projects
Knowledge of applicable City and department, policies, procedures, rules, and regulations