Network Security Engineer
Network Security Engineer – Technology Department
Job #1707 - Closes October 30, 2020
JOB SUMMARY:
This position is primarily responsible for maintaining security of the District network and data and responding to security events that may occur. They will recommend and manage network security devices and services and practices. They will also work with Network, Server, Desktop and Information Systems teams to coordinate the security measures for those teams, provide security advice, and monitor and document the work by each team in that area. They will lead the security activities for District computing devices and servers. This position reports to the Network Operations Manager.
SCOPE OF DUTIES AND RESPONSIBILITIES:
This list of essential functions is not exhaustive and may be supplemented, as necessary.
- Manage District network firewalls and coordinate filtering changes with Technology staff. Research and recommend upgrades to and replacement of firewalls as needed and implement approved changes. Work with Server and Information
Systems teams regarding firewalls implemented in servers to coordinate the filtering activities, review them for possible security issues, and verify that the settings are documented. Manage firewall and filtering features in district wireless
network systems, in coordination with Network team staff. - Manage district web filtering in coordination with Instructional Technology staff. Assist with research and selection of replacement web filtering services as needed and implementation of new systems. Assist with testing of web filtering services, especially where two or more services are filtering the same devices, to ensure that they act as expected. Troubleshoot issues and work with Technology staff for resolution.
- Manage services that collect logs and analyze them for possible issues. Work with Technology staff to establish rules, filters, and processes in the services to notify of possible security issues. Follow-up on any security notifications to identify any possible damage or loss of data, the most likely source of the issue, and then take steps to mitigate the damage and remove the security risk, including proactive measures to reduce future repeats of the issue.
- Manage network access control services to identify all devices on the network and restrict them to appropriate levels of access so they can operate correctly without increasing security risk for the District. Work with Network team to implement appropriate network VLANs as needed. Work with Desktop team to maintain device configurations that simplify network access for staff and students.
- Manage security monitoring services, including anti-malware software for servers and end-user computing devices. Notify Server and Desktop teams of any potential issues and work with them to identify the extent of the problem and to resolve
the issue. - Review changes and new services/equipment in network, server and desktop against security controls and best practices to identify potential security issues and work with teams to resolve the issues before changes or new services/equipment go into production.
- Identify key sources of reliable security information to receive notices of new network and data security risks and current major threats. Stay current on best practices and updates to key documents from CISA, NIST and others related to network and data security. Identify training opportunities to maintain network security skills and arrange with supervisor to attend as needed.
- Maintain security controls and procedures documentation for network, server and desktop systems. Work with information systems team to review their security controls and procedures documentation and suggest improvements.
- Attend district meetings, team meetings, and trainings as required.
- Perform other duties as assigned consistent with scope and intent of employee assignment.
Salary: $119,979.00 - $126,052.00 (NNRAP Professional/Technical Level I)
Work Year: 12 month position; 260 days per year, 8 hours per day
Benefits: We offer a competitive benefits package including paid vacation and holidays, health insurance coverage, Washington State Retirement Plan, and other benefits.
MINIMUM QUALIFICATIONS
Education and Experience
This position requires either the completion of a four year post-secondary degree program in network security AND two years paid experience as a network engineer with responsibilities in network security in an organization of 2,000 employees
or more.
Requires experience with firewalls, web filters, network routers, access control services, centralized logging services, and common tools for network troubleshooting including wireshark.
Experience supporting any of the following is preferred: Fortinet firewalls, F5 Big IP devices, Aruba wireless, and a SIEM service.
Experience using any of the following is a plus: Aruba ClearPass, PacketFence, Malwarebytes, Carbon Black, ExtremeManagement Services.
Prefer one or more of the following certifications: Global Information Assurance Certification (GIAC) Security Essentials (GSEC), Certified Information Systems Security Professional (CISSP), CompTIA Security+ and/or Network +, EC Council Certified Ethical Hacker (CEH), Cisco Certified Network Professional (CCNP).
Allowable Substitution
An equivalent combination of education, training, and/or experience, as determined by the district, may substitute for the required four year post-secondary degree or other specified experience.
Licenses/Special Requirements
Valid Washington State driver’s license.
KNOWLEDGE, SKILLS, AND ABILITIES:
- Ability to read, write and communicate technical information effectively
- Ability to work both independently and cooperatively with others
- Ability to work irregular and flexible hours as required
- Ability to establish effective work priorities and to plan and organize work effectively
- Ability to establish and maintain effective working relationships with staff
WORKING CONDITIONS
Required to meet inflexible deadlines; required to concentrate mentally and visually for extended periods of time; occasionally required to deal with distraught or frustrated people; occasionally required to work flexible and irregular hours to complete tasks, occasionally required to lift and carry equipment and supplies up to 50 pounds; required to operate a motor vehicle and drive between sites; manual dexterity and precision required to make network connections and operate a computer.
APPLICATION PROCEDURE:
So that we can fully assess their qualifications, we require that all applicants submit a complete application packet,
including:
- Classified Application Form (Complete on-line at www.nsd.org)
- Letter of application addressing your ability to perform the job duties and meet the qualifications as listed above. The letter should provide specific examples of your work experience, accomplishments, and achievements that demonstrate your ability to perform the work. (Upload and attach to application)
- Resume (Upload and attach to application)
- You may also submit other supporting information of your choosing.
Incomplete applications cannot be considered. Applications must be completed by the closing date to receive consideration.
UPON HIRE:
If you are hired, you will need to complete an Employment Eligibility Form and submit documentation to Human Resources for review and verification to comply with the Federal Immigration Reform and Control Act. All offers of hire are contingent upon passing a nation-wide criminal history check, which requires employees to provide fingerprints. All newly hired employees must satisfactorily complete a probationary period of 90 days following their hire date.