Cyber Security Engineer

POSITION SUMMARY

The Cybersecurity Engineer is responsible for supporting the protection and security of critical systems and data related to the Citys technology infrastructure business systems and water management and distribution environments. The position works closely with Information Technology teams City leadership water and wastewater engineers and other stakeholders to advise on coordinate and support the implementation of cybersecurity measures monitor systems for vulnerabilities and assist in incident response activities to help ensure the confidentiality integrity and availability of City systems data and municipal water infrastructure.

The Cybersecurity Engineer supports the delivery of organizational goals by implementing and maintaining the Information Security and Compliance programs. This role ensures compliance targets are met by delivering secure technology services aligned with regulatory requirements organizational risk appetite established risk management practices and evolving business needs.

The Cybersecurity Engineer collaborates closely with City leadership Information Technology teams and business stakeholders to share information assess risk and identify evaluate and implement solutions that support cybersecurity and compliance objectives.

REPORTING RELATIONSHIPS

Reports to: Director of Information Technology

Direct Reports: None

DUTIES AND RESPONSBILTIES

The description below is intended to represent only the key areas of responsibilities; specific job assignments duties and environmental conditions will vary depending on the business need of the department and the organization.

Relationship Management (20% of time)

• Communicates complex information concepts and metrics in a confident and well-organized manner through verbal written and visual means and tailored to the audience including to multiple levels of leadership.
• Collaborates with Information Technology and business teams as well as other internal/external partners to build relationships supporting cybersecurity compliance and digital accessibility initiatives.
• Regularly presents to the City Leadership Team on the state of cybersecurity to promote an understanding cybersecurity needs and ensure leadership support for investments related to the security of enterprise systems.
• Partners with city wastewater and water distribution leaders to ensure compliance with appropriate water infrastructure security standards and regulatory requirements.
• Develops cybersecurity awareness and training initiatives for users across the organization.
• Serves as the strategic liaison between IT divisions Leadership and end users to foster a strong culture of cybersecurity awareness to stay abreast of changing needs in the organization and ensure cybersecurity initiatives and procedures evolve with the organization.

Project Management (20% of time)

• Develops long term strategies and programs for meeting future cybersecurity needs.
• Leads special projects teams and provides direction to technical staff on Cybersecurity projects and training programs.
• Conducts risk assessments by staying informed about emerging cybersecurity threats and technologies gathering customer feedback and analyzing needs to identify solutions to develop robust cybersecurity programs across the enterprise platform and assists with vendor selection recommendations.
• Designs and implements new cybersecurity systems and software applications to meet changing cybersecurity needs in collaboration with other IT professionals and departments.
• Designs analyzes installs and maintains cybersecurity tools and systems.

Cybersecurity Analysis (55% of time)

• Stays updated on the latest security threats technologies and industry trends and provides recommendations for improving security posture.
• Using specialized tools and techniques monitors the citys network servers operating systems and applications to detect and prevent cybersecurity threats and malicious activity.
• Collaborates with business units to complete security surveys and facilitates network scans to maintain compliance with security standards.
• Assists with regulatory compliance and risk assessments to identify and mitigate compliance and cyber risks.
• Assists with various internal and external audits/assessments such as Health Insurance Portability and Accountability Act (HIPAA) Criminal Justice Information Services (CJIS) Policy Digital Accessibility local and federal standards Personal Identifiable Information (PII) and other related Privacy requirements.
• Reviews and documents external vendor security and compliance assessments as well as assists with development and adherence to cybersecurity purchasing requirements and platforms such as StateRAMP.
• Assists with the development of policies standards in support of cybersecurity and compliance activities and aligned to company or organizational requirements.
• Assists with identifying best practices for Web page design properly formatting documents and other requests about how to meet accessibility requirements.
• Partners with the IT Operations team to develop and implement initiatives to support business continuity disaster recovery and incident response to prevent interruptions in services and data loss related to cyber events.
• Participates in incident response activities including investigation containment and recovery efforts as needed.
• Creates and maintains documentation on IT cybersecurity systems tools and procedures to ensure continuity of cybersecurity operations and to facilitate knowledge sharing among IT staff members.
• Analyzes system security access and authorization to ensure the citys data and systems adhere to industry standards and regulatory requirements. Provides management notification of security and inappropriate usage violations.
• Monitors user activities and administers training programs to remediate user compliance issues as necessary.
• Develops and prepares cybersecurity reports on findings from monitoring and analyses.
• Ensures compliance with personnel security and department procedures.

Additional duties as assigned (5%)

• Performs other duties as assigned and required.

MINIMUM QUALIFICATIONS

Education

• Bachelors degree in information security cybersecurity or compliance related field.

Work Experience

• 5 years progressive technical experience in an information technology field including a minimum of 3 years of experience in information security cybersecurity or compliance related field.

Certifications and Licensures

• CJIS Certification
• CompTIA Security
• CySA or Pentest
• Certified Information Systems Security Professional (CISSP) preferred.

An equivalent combination of education and relevant job experience may be substituted.

PREFERRED QUALIFICATIONS

• Strong knowledge of security principles best practices and industry standards such as NIST ISO 27001 and CIS Critical Security Controls.
• Hands-on experience with security technologies such as firewalls IDS/IPS SIEM antivirus and vulnerability scanning tools.
• Experience with risk assessment penetration testing and incident response methodologies.
• Strong understanding of networking concepts and protocols such as TCP/IP VLANs VPNs and routing/switching.
• Familiarity with security-related regulations such as Criminal Justic Information Services (CJIS) HIPAA and Payment Card Industry (PCI) requirements.

KNOWLEDGE SKILLS AND ABILITIES

Expert Knowledge

• Modern Anti-Malware technologies
• Computer/Server/Network Hardware and software security scanning methods and techniques.
• Server operating system and application tier security concepts and techniques.
• Theory principles practice and methods of cybersecurity engineering management and administration of information systems in the areas of systems security.

Advanced Knowledge

• Analyze reports and findings from vulnerability scanners and security posture management tool
• National Institute of Standards and Technology (NIST) control documentation
• Risk Management Framework (RMF) documentation.
• Information Assurance Vulnerability Alert (IAVA) reporting
• Enterprise Servers and Network devices Vulnerabilities
• Security and compliance audit findings analysis
• Experience working in teams using DevOps
• Experience with a variety of major security libraries and frameworks
• Frontend and Backend experience is a plus
• Experience with Python is a plus
• Experience with SQL is a plus

Skills and Abilities

Project Management Skills: Advanced skills required to coordinate system enhancement implementations and facilitate cross-functional teams.

Collaboration Skills: Communications regarding interpretation of policies may be made after discussion of different points of view. Work may require providing advice to others outside direct reporting relationships on specific problems or general policies. Interactions with others outside the organization may be stressful negative and require high levels of tact or persuasion to gain cooperation and acceptance of ideas.

Communication Skill: Advanced skills required to establish and maintain effective working relations with customers co-workers staff and vendors. Advanced written communication skills required for composing documentations and correspondence. Advanced verbal communication skills required to educate City users on complex security concepts to technical and non-technical stakeholders. Ability to organize and facilitate planning and demonstrations. Listens well and communicates effectively orally and in writing with various audiences.

Computer Skills: Advanced skills required to evaluate and enhance security for a variety of software-based packages ranging from operating systems to off-the-shelf software applications and databases. Advanced knowledge of computer network infrastructure to analyze and provide guidance to improve system security across the enterprise environment.

Analytical Skills: Advanced skills required to analyze current security posture develop a security program and propose system improvements as appropriate based on the types of data and the risk tolerance of the various business units in the organization. Excellent analytical problem-solving and troubleshooting skills.

WORKING CONDITIONS

Work is performed in a standard office environment requiring sitting for extended periods of time and occasional light lifting (up to 15 lbs.). This job requires visual and physical capabilities to perform work on computers and associated equipment for prolonged periods of time (4-6 hours daily).

SALARY RANGE

$109185 - $163778/Annual Salary

BENEFITS

The City of Englewood offers a comprehensive benefits package including but not limited to:

• Medical Dental and Vision Plans
• Retirement Plans
• Paid Time Off
• Paid Sick Leave
• 12 Paid Holidays

APPLICATION DEADLINE

Open until filled.

Required Experience:

IC