Senior IT Security Engineer
Apply NowCompany: Idaho State Supreme Court
Location: Boise, ID 83709
Description:
Salary : $88,000.00 - $100,000.00 Annually
Location : Boise, ID
Job Type: Full-Time
Job Number: 00134
Department: Administrative Office of the Courts
Division: Information Division
Opening Date: 04/17/2025
Closing Date: 5/1/2025 5:00 PM Mountain
How We Work:: The Administrative Office of the Courts is committed to supporting the mission of the Idaho Courts using an approach that aligns strategy, work, and capacity. This approach empowers our employees to respond quickly and efficiently to meet the needs of our customers: citizens, courts, judges, employees, and other stakeholders. We believe in continual improvement of our services and products to better serve and support our customers and the evolving environment. Court employees are future-focused, take initiative, and are personally responsible for work delivery and professional growth. Our leaders are committed to professional development and growth of employees by empowering and supporting motivated individuals; providing clarity and focus for projects; giving those individuals the environment and support they need; and fostering a culture of collaboration, transparency, learning, trust, and shared accountability.
General Position Summary
Position Title: Senior IT Security Engineer
Effective Date: April 2025
Salary Grade/Range: Grade 17 / $88,000 - $100,000
FLSA Status: Exempt - Computer
EEO Job Category: Professional
General Position Summary:
The Idaho Supreme Court is seeking a highly dedicated, technical candidate for the Senior IT Security Engineer position to implement and provide security services to ensure networks, systems, and applications are appropriately designed, configured, secured and maintained to protect the Idaho Judiciary's information assets. This position will determine, analyze, and propose security requirements and technical solutions. The Senior IT Security Engineer will work in partnership with all Information Division team members, as well as county IT staff and statewide functional business areas to drive security improvements. The successful candidate will be responsible for implementation, maintenance and administration of the Court's security technologies and processes. This position works under the direction of the Chief Information Security Officer.
Major Duties and Responsibilities
(The examples provided do not cover all of the duties which the incumbent of this position may be required to perform.)
Minimum Qualifications
The Idaho Supreme Court reserves the right to consider an equivalent combination of education, training, and/or experience necessary to successfully perform the major responsibilities of the position.
Education and Experience:
Knowledge, Skills, and Abilities
The Idaho Supreme Court is an equal opportunity employer. Hiring is done without regard to race, color, national origin, sex, age, religion, socioeconomic status, sexual orientation, gender identity, disability, or any other applicable legally protected status. In addition, preference may be given to veterans who qualify under state and federal laws and regulations. If you need accommodation for applying or interviewing, please notify human resources.
N/A
Location : Boise, ID
Job Type: Full-Time
Job Number: 00134
Department: Administrative Office of the Courts
Division: Information Division
Opening Date: 04/17/2025
Closing Date: 5/1/2025 5:00 PM Mountain
How We Work:: The Administrative Office of the Courts is committed to supporting the mission of the Idaho Courts using an approach that aligns strategy, work, and capacity. This approach empowers our employees to respond quickly and efficiently to meet the needs of our customers: citizens, courts, judges, employees, and other stakeholders. We believe in continual improvement of our services and products to better serve and support our customers and the evolving environment. Court employees are future-focused, take initiative, and are personally responsible for work delivery and professional growth. Our leaders are committed to professional development and growth of employees by empowering and supporting motivated individuals; providing clarity and focus for projects; giving those individuals the environment and support they need; and fostering a culture of collaboration, transparency, learning, trust, and shared accountability.
General Position Summary
Position Title: Senior IT Security Engineer
Effective Date: April 2025
Salary Grade/Range: Grade 17 / $88,000 - $100,000
FLSA Status: Exempt - Computer
EEO Job Category: Professional
General Position Summary:
The Idaho Supreme Court is seeking a highly dedicated, technical candidate for the Senior IT Security Engineer position to implement and provide security services to ensure networks, systems, and applications are appropriately designed, configured, secured and maintained to protect the Idaho Judiciary's information assets. This position will determine, analyze, and propose security requirements and technical solutions. The Senior IT Security Engineer will work in partnership with all Information Division team members, as well as county IT staff and statewide functional business areas to drive security improvements. The successful candidate will be responsible for implementation, maintenance and administration of the Court's security technologies and processes. This position works under the direction of the Chief Information Security Officer.
Major Duties and Responsibilities
(The examples provided do not cover all of the duties which the incumbent of this position may be required to perform.)
- Maintain knowledge on the latest intelligence and attack methodologies to mitigate risks and/or take corrective actions during security incidents;
- Communicate mature security control reporting and assurance review processes to executive leadership;
- Conduct technical security risk assessments, for on-premise, county-based, and cloud-based solutions, to identify security gaps and level of risks;
- Work with national cybersecurity entities, including but not limited to, the Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), FBI InfraGard, and others, to identify best practices and recommended security controls for state government entities, and drives internal initiatives to implement these practices and controls;
- Lead security initiatives to design, assess, implement, and remediate systems to ensure appropriate protection of the Court's information, and to comply with applicable security standards, regulations, and policies;
- Develop and assess security policies, standards, and guidelines;
- Identify security risks, threats and vulnerabilities for the Court's network, systems, and applications;
- Determine, analyze, and propose an enterprise security architecture and associated security requirements;
- Assist in proposing technical solutions and system configurations to meet specified security requirements;
- Conduct detailed security technical reviews of new or existing technologies and/or applications;
- Develop solutions and coordinate actions to mitigate system security threats and risks;
- Perform security product evaluations, provide recommendations, and implement products/services to improve the Court's security posture;
- Implement and conduct security incident monitoring to identify and minimize threats to the Court's operations and technical environment;
- Monitor and assess activity and events from intrusion detection/prevention systems, other security technologies, and system log data collected to identify and react to new threats and incidents;
- Review and identify root causes of security incidents, develop corrective actions, reassess inherent risks and drive future proactive/preventive actions;
- Establish formal vulnerability/risk management processes including but not limited to, vulnerability assessments, penetration testing, vulnerability remediation and compliance testing;
- Develop and/or manage a process to track vulnerability and threat trends, to include metrics for tracking and analyzing vulnerability remediation efforts;
- Assist with the management of security technologies to include, but not limited to, firewalls, access control lists, anti-virus software, web content filtering, authentication systems, and other technologies, both on-premise and cloud (AWS/Azure);
- Work with application teams to implement and audit appropriate security controls, to include user/role management, segregation of duties, encryption, password controls and other security configuration items;
- Provide technical security advice and serve as a technical training resource to management and staff;
- Perform other information security or technology tasks as required to meet business requirements;
- Maintain security consistent with court policy;
- Configure, tune and optimize intrusion detection/prevention systems (IDS/IPS), security event/incident management systems (SIEM), and other security technologies, as applicable;
- Perform other duties as assigned.
Minimum Qualifications
The Idaho Supreme Court reserves the right to consider an equivalent combination of education, training, and/or experience necessary to successfully perform the major responsibilities of the position.
Education and Experience:
- Bachelor's Degree in Computer Science, Information Security or a related field;
- Seven (7) years of experience in information security systems engineering or related (e.g. networking, secure software development, cloud, AI);
- Hands-on experience with multiple operating system environments (such as Windows, Linux, Unix);
- Certifications such as CEH: Certified Ethical Hacker, CISSP, CISA, GSEC / GCIH / GCIA: GIAC Security Certifications
- Strong familiarity with enterprise security architecture principles.
Knowledge, Skills, and Abilities
- Knowledge of implementing common information security frameworks, such as CIS 18, NIST, or others;
- Knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data;
- Knowledge of training principles and practices for teaching and instruction for individuals and groups, and the measurement of training effectiveness;
- Knowledge of firewall, vulnerability scanning, host protection, and IDS/IPS products;
- Knowledge of incident response life cycle; preparation, analysis, containment, eradication, remediation, recovery and post-incident activity;
- Knowledge of enterprise security technologies including, but not limited to, firewalls, IDS/IPS, network access control and network segmentation, the security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies; and with Data-at-rest encryption, certificate validation, SIEMs and log management, log analysis, HTTP and TCP/IP analysis;
- Knowledge of vulnerability identification and assessment including, but not limited to, the OWASP Top 10, SANS Top 25, and MITRE ATT&CK;
- Knowledge of the concepts within CIS 18, ISO 27000, NIST 800, and other security standards;
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies;
- Knowledge of the practices and methods of IT strategy, enterprise architecture and security;
- Strong proficiency with operating systems such as Windows Linux, and Unix;
- Skill in change management principles and practices;
- Skill in implementing and managing authentication, authorization, and access control methods;
- Skill in risk management process (e.g. methods for assessing and mitigating risk);
- Skill in applying and incorporating information security controls into proposed solutions;
- Skill in effective interpersonal skills and demeanor;
- Skill in effective organization and time management skills with the ability to make measurable progress on multiple tasks, assignments and projects simultaneously and work in high-pressure situations;
- Ability to synthesize feedback and adjust plans accordingly;
- Ability to work independently and collaboratively as part of a team;
- Ability to communicate technical concepts effectively verbally and in writing to various stakeholder groups and technical abilities;
- Ability to understand and solve problems by applying advanced analytical skills to include collecting, integrating and analyzing all relevant data and information down to manageable components and/or charts, diagrams or graphs;
- Ability to identify a number of solutions to complex problems integrating findings from several different disciplines, identifying and evaluating various options and selecting the most effective solution;
- Ability to draw logical and objective conclusions from data;
- Ability to build strong relationships inside and outside the organization;
- Ability to balance, prioritize, and organize multiple tasks;
- Ability to evaluate and test emerging technologies and processes;
- Ability to support disaster recovery and business continuity plans;
- Ability to work in a confidential manner, ensuring information is shared with internal and external individuals in an appropriate manner.
The Idaho Supreme Court is an equal opportunity employer. Hiring is done without regard to race, color, national origin, sex, age, religion, socioeconomic status, sexual orientation, gender identity, disability, or any other applicable legally protected status. In addition, preference may be given to veterans who qualify under state and federal laws and regulations. If you need accommodation for applying or interviewing, please notify human resources.
N/A