Find The RightJob.

Information Security Engineer - Intermediate

Overview of Position

The Information Security Engineer (Intermediate), working under general direction, designs, implements, support, and operationalizes major components of the district’s information security program aligned with ISO/IEC 27001/27002 and Information Security Risk Management aligned with ISO/IEC 27005 (NOTE: NIST Cybersecurity Framework is also used as an informative reference to the district's Information Security Program).

The Information Security Engineer plays a critical role in identifying, reducing, and managing information and technology risk across the district by establishing and enforcing security standards; developing and maintaining policies, procedures, and baselines; and delivering security services that protect users, data, and systems.

This role supports business operations and academic requirements by ensuring the confidentiality, integrity, availability, and responsible use of information systems—including emerging Artificial Intelligence (AI)–enabled technologies—while maintaining compliance with federal and state regulations, district policies, and industry best practices. The role also supports compliance-driven security testing initiatives such as penetration testing and regulatory assessments (e.g., PCI-DSS), ensuring findings are addressed in alignment with district risk tolerance.

This role is heavily hands-on and operational, with responsibilities spanning threat detection and response, security automation, vulnerability and configuration management, security architecture, and incident response support. The position leverages Microsoft 365, Microsoft Sentinel, and Azure-native security tooling—to conduct threat hunting, analyze indicators of compromise (IOCs) and indicators of attack (IOAs), and enhance detection and response capabilities through automation.

The Information Security Engineer also supports the secure adoption of Artificial Intelligence technologies across the district. This includes contributing to AI risk management activities, such as identifying and assessing risks associated with AI systems (e.g., data leakage, model misuse, bias, hallucinations, unauthorized access, and over-permissioned AI agents), recommending mitigations, and aligning AI usage with district policies, legal requirements, and ethical guidelines.

Essential Functions

25%

Plans and implements security controls across software, hardware, and network systems; identifies, analyzes, and mitigates vulnerabilities; participates in security architecture reviews.

15%

Provides technical support and training to staff on secure practices; conducts security needs assessments and recommends tools and configurations.

15%

Develops and recommends procedures to enhance cybersecurity operations; designs and implements incident response protocols and access control policies.

15%

Serves as a security resource to schools and departments; responds to incidents and coordinates remediation efforts.

15%

Participates in district-wide technology and security committees; contributes to policy development and special projects.

10%

Assists in the development and maintenance of secure configurations for applications and systems; evaluates and recommends cybersecurity tools.

Maintains current knowledge of cybersecurity threats, tools, and best practices; monitors threat intelligence and regulatory changes.

Performs related duties including documentation, audit preparation, and compliance reporting.

OTHER FUNCTIONS:

May perform related duties consistent with the scope and intent of the position.
May perform related duties in support of Disaster Recovery and Business Continuity.

RELEVANT COMPETENCIES:
Technical Learning
Quickly learns and integrates new technical skills and knowledge; seeks out avenues to enhance technical knowledge.

Picks up and integrates technical skills quickly.
Recognizes trends and effectively prepares for changes.
Seeks out opportunities to advance one’s learning in relevant technical disciplines.

Time Management
Uses time effectively and efficiently; concentrates efforts on the most important priorities; adeptly handles several tasks at once.

Focuses efforts on the most important priorities.
Uses time effectively and efficiently.
Handles multiple tasks effectively.
Values other people’s time.

Interpersonal Skills
Builds constructive and effective relationships; uses diplomacy and tact to diffuse tense situations; is approachable and fair.

Relates well with others.
Builds constructive and effective relationships.
Responds appropriately to the needs and feelings of others.
Demonstrates tact, diplomacy, and fairness

Functional / Technical Skills
Possesses the technical knowledge and skills to perform the job at a high level; actively enhances and applies new skills.

Understands and stays current on technical aspects of the job.
Applies technical knowledge to address issues promptly.
Identifies ways to apply new developments to improve performance.
Shares expertise with others when appropriate.

DISTRICT-WIDE CORE COMPETENCIES:
Collaboration
Develops cooperation and teamwork while participating in a group, working toward solutions which generally benefit all involved parties.

Is seen as a team player who encourages efficient and effective collaborations.
Works skillfully in difficult situations with both internal and external groups.
Represents his/her own interests while being open-minded to other groups.
Builds respectful and productive relationships internally and externally.

Getting Results (Action Oriented)
Performs work with energy and drive; values planning, but will take quick, decisive action when an opportunity presents itself.

Demonstrates a strong sense of urgency about solving problems and getting work done.
Focuses on achieving the goal even in the face of obstacles.
Assumes responsibility for starting and finishing work with minimal supervision.
Strives for new levels of performance.

Decision Quality & Problem Solving
Uses analysis, wisdom, experience and logical methods to make good decisions and solve difficult problems with effective solutions; appropriately incorporates multiple inputs to establish shared ownership and effective action.

Weighs the consequences of options before making a decision.
Applies appropriate criteria to situations for the purpose of making decisions.
Displays self-confidence in own judgment.
Focuses in the facts and solutions instead of opinions and problems.

Integrity
Is widely trusted; is seen as a direct, truthful individual; presents truthful information in an appropriate and helpful manner; keeps confidences; admits mistakes; doesn’t misrepresent him/herself for personal gain.

Deals with people and situations in an honest and forthright manner.
Represents information and data accurately and completely.
Represents the confidentiality of information and concerns shared by others.
Takes ownership if a mistake is their own and does not blame others.

Accountability
Holds self and others accountable for measurable high-quality, timely and cost-effective results; determines objectives, sets priorities and delegates work; accepts responsibility for mistakes; complies with established control systems and rules.

Takes responsibility and action as if the risks (financial or otherwise) are his or her own.
Holds individuals and team accountable for their actions and results.
Initiates action even if outcome is uncertain and is willing to accept the consequences of failure.
Aligns own activities and priorities to meet broader organizational needs.
Demonstrates courage and confidence in his or her own ability.

KNOWLEDGE, SKILLS AND ABILITIES:

Analyze and respond to security incidents, including phishing, malware, and unauthorized access
Conduct risk assessments, vulnerability scans, and security audits using tools like Nessus, Qualys, or Microsoft Defender
Principles of secure network architecture, including firewalls, VPNs, IDS/IPS, and zero trust models
Security frameworks and compliance standards (e.g., NIST, CIS Controls, FERPA, PCI)
Operation and hardening of operating systems (Windows, macOS, Linux) and cloud platforms (e.g., Microsoft 365, Azure, Google Workspace)
Identity and access management (IAM), multi-factor authentication (MFA), and role-based access control (RBAC)
Document and communicate security findings, recommendations, and incident reports clearly and concisely
Communicate technical security concepts to non-technical stakeholders, including school leaders and staff
Evaluate and recommend secure solutions that align with district policies and instructional needs
Collaborate with IT, legal, and instructional teams to implement and monitor security controls
Data protection technologies, including encryption, DLP, and secure data lifecycle management
Develop and maintain security configurations, baselines, and automation scripts (e.g., PowerShell, Python)

OTHER FACTORS:

Will be in an on-call rotation for emergency cybersecurity response.

Typical Qualifications

EXPERIENCE/EDUCATION:

A typical way to obtain the knowledge and abilities would be:

(5) years of experience in a related field, with three (3) years as an infosec engineer; Bachelor's degree in Computer Science, Information Technology, Business Administration, or related field; or an equivalent of education and experience.

Any equivalent combination of education, experience and training that provides the relevant knowledge, skills and abilities to perform the work will be considered.

DESIRED CERTIFICATIONS & LICENSES:
Certified Associate in Project Management (CAPM), and/or Certified Information Security Manager (CISM), or equivalent (Certified Information Systems Security Professional (CISSP) is preferred)

CLEARANCES:
Criminal Justice fingerprint and background check

Similar jobs