Security Engineer

Employer
Phillips Exeter Academy
Location
New Hampshire, United States
Salary
Salary Not Specified
Posted date
Aug 20, 2021

Position Type
Administrative, Business & Administrative Affairs, Computer Services & Information Technology, Technology Administration/Other, Chief Technology & Information Officers
Employment Type
Full Time
Position Purpose

Reporting to the Director of Information Technology Services, the Security Engineer is responsible for continued development, monitoring and support of the Academy’s information security program. This includes leading in the planning, deployment, and support of a variety of security policies, concepts and technologies, regulatory compliance auditing, end user education programs and technology-based fraud and cybercrime prevention.

Key Accountabilities

Security Administrator Role Expectations

  • Develop and maintain IT Security and Compliance Policy Framework
    • Clearly defines systemic risks and potential impacts along with the probability of an event caused by the defined risk. Recommend acceptable risk levels to assist in decision-making.
    • Develop and maintain relationships with business and IT leaders, developers, architects and other stakeholders to support and facilitate risk management enhancements.
    • Develops written response to security audit findings, prepares project plan with IT colleagues to prioritize and resolve findings, follows up on and participates in resulting action items.
    • Maintains up-to-date knowledge on all regulatory compliance requirements with which the Academy must comply.
  • Develop and maintain IT Security Requirements for critical systems
    • Define requirements for operating system, third party software and internally-developed application patching and vulnerability scanning
    • Define and maintain requirements for additional technologies related to:
      • anti-virus/anti-malware
      • data loss prevention
      • device encryption
      • mobile device management
      • password management
      • proxy/web content filtering
      • other security-related technologies, as required
    • Recommends and assists in implementing IT Security Controls and Systems
      • Review configuration of security-related devices and applications, including but not limited to firewall, proxy, JAMF, KBOX and Active Directory GPO configurations.
    • Audit internal systems and assist in 3rd party audits
      • Audit and work with our data scientist to create dashboards for critical system risk levels, providing a clear status for each:
        • anti-virus/anti-malware
        • data loss prevention
        • device encryption
        • mobile device management
        • password management
        • proxy/web content filtering
        • operating system, third party software and internally-developed application patching and vulnerability scanning
        • other security-related technologies, as required
      • Perform Security and Compliance reviews of all Academy systems prior to their adoption.
      • Reviews policies and procedures annually for simplicity, accuracy and completeness. Performs audits to ensure that policies are being followed or maps out a plan to become compliant.
      • Reviews the results of vulnerability testing (may also perform the scanning), updates the risk reports and advocates for any corrective action required.
    • Develop and maintain IT Security Training Program with the Academy, including Parents and Alumni
      • Develops overall IT Security Training requirements document, outlining goals and strategies for achieving those goals.
      • Leads the effort to provide user training via our online training partners, matching the training to job requirements (e.g. PCI training for Finance, IA and Investments)
      • Champion on-going security awareness efforts outside of training classes, creating an IT Security track for the ‘See Something, Say Something’ awareness program created by Campus Safety.
    • Demonstrate Leadership and Respect
      • Demonstrate respect for diversity of identities and experiences, an orientation toward equity and inclusion, and cultural competency in all aspects of Academy life.
      • Models the behaviors that we expect from our ITS team, including listening actively, seeking to understand before being understood, speaking reflectively, and exhibiting patience, thoughtfulness and respect for our colleagues in all interactions.


Degree of Independent Action Performed

Incumbent is expected to work with a high level of independence and autonomy, and exercise a high degree of initiative, influence, and judgment in decisions impacting staff and department operations.

Expected to solve problems or address issues that require immediate attention.

Direct/Indirect Reports

None

Internal & External Contacts

Frequent contact with PEA administrative and academic offices, faculty and staff. Some contact with students, medical personnel, coaches and other Academy personnel is expected. External contacts may include alumni, parents, outside organizations, and contractors.

Position Requirements

Education

  • Bachelor’s degree required, Information Technology or Information Security specialization preferred.
  • CISSP or equivalent certification preferred.


Experience

  • 5+ years’ information security experience, preferably in an academic environment.
  • Minimum 3 years of experience working with multiple security technologies, including IDS/IPS, syslog analysis (Windows, Web Servers, CheckPoint and Fortinet NextGen Firewalls, AV, etc.), Network and User Behavior Analysis tools, and Network Monitoring tools.
  • Strong understanding of regulatory compliance for PCI, HIPAA and GDPR.
  • Proven analytical and problem-solving skills.
  • Demonstrated oral and written communication skills.
  • Demonstrated ability to manage multiple priorities.
  • Experience in an educational setting preferred.


Skills & Knowledge

  • Strategic high-level thinking coupled with the attention to detail necessary for successful planning and execution.
  • Demonstrated ability to collaborate with teammates and clients by building trust and credibility.
  • Ability to work independently and handle multiple priorities and deadlines simultaneously.
  • High degree of organizational skills with the ability to be flexible and multi-task with accuracy.
  • Ability to build and leverage effective relationships and influence decisions and behaviors through partnering.
  • Excellent communication (written and verbal) skills.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

  1. Ability to sit in a normal seated position for extended periods of time.
  2. Reaching by extending hand(s) or arm(s) in any direction.
  3. Finger dexterity required to manipulate objects with fingers rather than with whole hand(s) or arm(s), for example using a keyboard.
  4. Communication skills using the spoken and written word.
  5. Ability to see within normal parameters.
  6. Ability to use a visual display terminal with continuous wrist movement on a keyboard.
  7. Ability to hear within normal range.
  8. Ability to lift and transport up to 10 lbs without assistance.

Additional Requirements

  1. Successfully complete a criminal background check (reviewed every 5 years).
  2. Clean driving record (reviewed annually).
