IT Security Engineer/ Senior IT Security Engineer at Idaho State Supreme Court – Boise, Idaho

Position Title: IT Security Engineer / Senior IT Security Engineer

Effective Date: March 2025

Salary Grade/Range: Grade 16 / $72,000-$78,000- IT Security Engineer

Grade 17 / $82,000-$88,000- Senior IT Security Engineer

FLSA Status: Exempt - Computer

EEO Job Category: Professional

General Position Summary:

The Idaho Supreme Court is seeking a highly dedicated, technical candidate for the IT Security Engineer/ Senior IT Security Engineer position to implement and provide security services to ensure networks, systems, and applications are appropriately designed, configured, secured and maintained to protect the Idaho Judiciary’s information assets. This position will determine, analyze, and propose security requirements and technical solutions. The IT Security Engineer/IT Senior Security Engineer will work in partnership with all Information Division team members, as well as county IT staff and statewide functional business areas to drive security improvements. The successful candidate will be responsible for implementation, maintenance and administration of the Court’s security technologies and processes. This position works under the direction of the Chief Information Security Officer.

(The examples provided do not cover all of the duties which the incumbent of this position may be required to perform.)

• Identify security risks, threats and vulnerabilities for the Court’s network, systems, and applications;
• Determine, analyze, and propose an enterprise security architecture and associated security requirements;
• Assist in proposing technical solutions and system configurations to meet specified security requirements;
• Conduct detailed security technical reviews of new or existing technologies and/or applications;

• Develop solutions and coordinate actions to mitigate system security threats and risks;
• Perform security product evaluations, provide recommendations, and implement products/services to improve the Court’s security posture;
• Implement and conduct security incident monitoring to identify and minimize threats to the Court’s operations and technical environment;
• Monitor and assess activity and events from intrusion detection/prevention systems, other security technologies, and system log data collected to identify and react to new threats and incidents;
• Review and identify root causes of security incidents, develop corrective actions, reassess inherent risks and drive future proactive/preventive actions;
• Establish formal vulnerability/risk management processes including but not limited to, vulnerability assessments, penetration testing, vulnerability remediation and compliance testing;
• Develop and/or manage a process to track vulnerability and threat trends, to include metrics for tracking and analyzing vulnerability remediation efforts;
• Assist with the management of security technologies to include, but not limited to, firewalls, access control lists, anti-virus software, web content filtering, authentication systems, and other technologies, both on-premise and cloud (AWS/Azure);
• Work with application teams to implement and audit appropriate security controls, to include user/role management, segregation of duties, encryption, password controls and other security configuration items;
• Provide technical security advice and serve as a technical training resource to management and staff;
• Perform other information security or technology tasks as required to meet business requirements;
• Maintain security consistent with court policy;
• Configure, tune and optimize intrusion detection/prevention systems (IDS/IPS), security event/incident management systems (SIEM), and other security technologies, as applicable;
• Perform other duties as assigned.

The Idaho Supreme Court reserves the right to consider an equivalent combination of education, training, and/or experience necessary to successfully perform the major responsibilities of the position.

Education and Experience:

• Bachelor’s Degree in Computer Science, Information Security or a related;
• Three (3) year of experience in information security systems engineering or related (e.g. networking, secure software development, cloud, AI);
• Hands-on experience with multiple operating system environments (such as Windows, Linux, Unix);

• Certifications such as CEH: Certified Ethical Hacker, CISSP, CISA, GSEC / GCIH / GCIA: GIAC Security Certifications
• Strong familiarity with enterprise security architecture principles.

• Knowledge of training principles and practices for teaching and instruction for individuals and groups, and the measurement of training effectiveness;
• Knowledge of firewall, vulnerability scanning, host protection, and IDS/IPS products;
• Knowledge of incident response life cycle; preparation, analysis, containment, eradication, remediation, recovery and post-incident activity;
• Knowledge of enterprise security technologies including, but not limited to, firewalls, IDS/IPS, network access control and network segmentation, the security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies; and with Data-at-rest encryption, certificate validation, SIEMs and log management, log analysis, HTTP and TCP/IP analysis;
• Knowledge of vulnerability identification and assessment including, but not limited to, the OWASP Top 10, SANS Top 25, and MITRE ATT&CK;
• Knowledge of the concepts within CIS 18, ISO 27000, NIST 800, and other security standards;
• Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies;
• Knowledge of the practices and methods of IT strategy, enterprise architecture and security;
• Strong proficiency with operating systems such as Windows Linux, and Unix;
• Skill in effective interpersonal skills and demeanor;
• Skill in effective organization and time management skills with the ability to make measurable progress on multiple tasks, assignments and projects simultaneously and work in high-pressure situations;
• Ability to work independently and collaboratively as part of a team;
• Ability to communicate technical concepts effectively verbally and in writing to various stakeholder groups and technical abilities;
• Ability to understand and solve problems by applying advanced analytical skills to include collecting, integrating and analyzing all relevant data and information down to manageable components and/or charts, diagrams or graphs;
• Ability to identify a number of solutions to complex problems integrating findings from several different disciplines, identifying and evaluating various options and selecting the most effective solution;
• Ability to draw logical and objective conclusions from data;
• Ability to build strong relationships inside and outside the organization;
• Ability to balance, prioritize, and organize multiple tasks;
• Ability to evaluate and test emerging technologies and processes;
• Ability to support disaster recovery and business continuity plans;
• Ability to work in a confidential manner, ensuring information is shared with internal and external individuals in an appropriate manner.

Distinguishing Features of the Job Class:

In addition to the duties listed above, the Senior IT Security Engineer possesses the following qualifications:

Minimum Qualifications:

Education and Experience:

• The Senior IT Security Engineer requires a Bachelor’s Degree in Computer Science, Information Security or a related field and seven (7) years of relevant work experience.

Knowledge, Skills, and Abilities:

• Knowledge of implementing common information security frameworks, such as CIS 18, NIST, or others;
• Knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data;
• Skill in change management principles and practices;
• Skill in implementing and managing authentication, authorization, and access control methods;
• Skill in risk management process (e.g. methods for assessing and mitigating risk);
• Skill in applying and incorporating information security controls into proposed solutions;
• Ability to synthesize feedback and adjust plans accordingly;

Major Duties and Responsibilities:

• Maintain knowledge on the latest intelligence and attack methodologies to mitigate risks and/or take corrective actions during security incidents;
• Communicate mature security control reporting and assurance review processes to executive leadership;
• Conduct technical security risk assessments, for on-premise, county-based, and cloud-based solutions, to identify security gaps and level of risks;
• Work with national cybersecurity entities, including but not limited to, the Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), FBI InfraGard, and others, to identify best practices and recommended security controls for state government entities, and drives internal initiatives to implement these practices and controls;
• Lead security initiatives to design, assess, implement, and remediate systems to ensure appropriate protection of the Court’s information, and to comply with applicable security standards, regulations, and policies;
• Develop and assess security policies, standards, and guidelines;
• Other duties as assigned.

The Idaho Supreme Court is an equal opportunity employer. Hiring is done without regard to race, color, national origin, sex, age, religion, socioeconomic status, sexual orientation, gender identity, disability, or any other applicable legally protected status. In addition, preference may be given to veterans who qualify under state and federal laws and regulations. If you need accommodation for applying or interviewing, please notify human resources.