Information Security Engineer - Hybrid

Roles & Responsibilities

This position will focus on security deliverables for the STARS project.

• The STARS Information Security Engineer will support the planning, design, engineering, upgrading, and monitoring of security protocols and systems for the protection of the organization's computer applications, infrastructure, networks, and data.
• Perform system security assessments as required per state and federal law.
• Understand State and Federal security requirements for the project scope, preferably with prior experience with control frameworks (e.g., NIST, HITRUST, COBIT, COSO, and ISO) to drive IT privacy and regulatory compliance.
• Manage and organize the Plan of Action and Milestones for STARS.
• Create, monitor, and update security findings and associated metrics for STARS.
• Assess, engineer, and recommend solutions for security and technical teams on STARS.
• Collaborate and partner with internal and external technical teams.
• Perform risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.
• Collaborate with analysts, engineers, and architects to improve security team processes using AMS principles.
• Collaborate with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes.
• Review project documentation and attend project meetings to ensure continuity and support of design and operations.
• Safeguard system security and improve overall server and network efficiency by training users and promoting security awareness.
• Develop and implement plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure; adhere to emergency data processing needs.
• Review violations of security procedures; provide training to ensure violations do not recur.
• Review security policies, standards, procedures and recommend changes based on current trends and needs. Identify opportunities to automate various privacy and data protection compliance activities to reduce the overall cost of compliance.
• Perform other related duties as assigned.

Skills Required

• Ability to collaborate, coordinate, and effectively communicate which is essential to drive work without direct authority.
• Technically proficient, with an understanding of emerging technologies and security engineering frameworks and practices. Demonstrated problem-solving and analytical skills.
• Proficient, or able to gain rapid proficiency with a broad array of security software applications and tools.
• Understanding and experience with computer-related security systems including firewalls, encryption, password protection, authentication and authorization, preferably with modern protocols and frameworks.
• Experience with DevSecOps, preferably in public cloud AWS and Azure environments.
• Excellent verbal and written communication skills.
• Organized with attention to detail.
• Security or risk certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) and/or CIPP (Certified Information Privacy Professional) certifications are a plus.
• Experience working with products in the following categories: Enterprise password and key vaults.
• Vulnerability scanning and management SIEM PKI Open-Source.
• Vulnerability detection and remediation Continuous, automated security validation in software development CI/CD pipelines.

Experience Required

At least four years of experience in computer information systems with specialization in security engineering preferred.

Education Required

Bachelor's degree in Computer Science, Programming, or a related field required; M.B.A. in Information Systems preferred.

Additional Information

Level-1 Fingerprint Clearance Card is required; 7-year background check required; Candidate must reside in Arizona.