Information Security Engineer

The Administrative Office of the Courts (AOC) is seeking an Information Security Engineer responsible for leading security efforts regarding information security risk assessment, mitigation and compliance.

Responsibilities include:

  • Manage and maintain organizational firewalls. Work with STS on firewall rules and manage various requests needed to establish and maintain access to various AOC systems hosted in state data centers along with maintaining appropriate documentation thereof.

  • Manage and maintain system endpoint protection software and email anti-virus/spam systems.

  • Manage review, analyze, design and develop plans for system security based on AOC and the Strategic Technology Solutions (STS) policies and guidelines.

  • Assessment of information system security requirements, functionality, and the effectiveness of security solutions against present and projected threats.

  • Identify, assess, suggest solutions and communicate the impact of security risks and challenges affecting the AOC to management.

  • Develop solutions and approaches to remediate critical, high and medium and low vulnerabilities within given tight timeframe set by the AOC. Train staff to assist and own addressing security vulnerabilities.

  • Strengthen system protections via ensuring all public facing IPs in a DMZ comply with AOC and STS standards for encryption and are appropriately hardened against attack.

  • Participate in server and application patch management to ensure highest level of security with all publicly available systems.

  • Work with STS to coordinate security scans, analyze results and work with hardware and application staff to remediate findings as quickly as possible.

  • Develop processes and frameworks based on AOC and STS specifications to prevent future vulnerabilities. Mentor junior staff on all understanding and implementation of IT security processes and procedures.

  • Manage and appropriately respond security incidents quickly and effectively to isolate and mitigate threats as a means to protect confidentiality and integrity of AOC systems and data. Delegate and work with staff on developing/implementing incident resolutions.

  • State VPN user account administration.

  • Manage and maintain Appellate Court and AOC server backup systems.

  • Keep abreast of trends and developments in IT security as it relates job functions. Communicate information to the rest of the team.

  • Work closely with hardware and application staff on day to day operations as needed.

  • Ability to set up and configure server hardware.

  • Server and user administration.

  • Email system administration.

  • Participate in design, implementation, maintenance and testing of disaster .recovery plan.

  • Design, implement, maintain and manage internal network infrastructure.

  • Monitor internal network hardware to ensure peak performance.

  • Provide tier 2 and 3 top level technical support as needed.

  • Other related duties and projects as assigned.

EDUCATION AND EXPERIENCE:

Graduation from an accredited college or university with a Bachelor’s Degree or Associates Degree with three years of experience in information security program design and implementation, information security risk analysis and mitigation, information security policy standards and procedures and implementation, incident response and mitigation.  Experience may be substituted for required degrees with technology industry certifications, and a proven minimum of 4 years of experience in information security program design and implementation, information security risk analysis and mitigation, information security policy standards and procedures and implementation, incident response and mitigation. Minimum of 2 years  direct experience with networking equipment and technologies, including firewalls, routers, layer 3 switches, Ethernet, TCP/IP, (routing and sub-netting) VLAN and QoS.  Minimum of 2 years direct experience with Windows and or Linux server operating systems, (experience with MicroFocus OES/Linux is desirable).  Minimum of 2 years direct experience in VMware deployment and management.

Job Requirements:

  • Minimum of 2 years direct work experience in IT system security including security audits, policy and compliance review, risk analysis and threat mitigation, vulnerability management, penetration testing and security incident response.

  • Demonstrate knowledge of best security practices centered on management, control, and monitoring and hardening of servers and network infrastructure.

  • Direct experience with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.

  • Experience utilizing various security tools such as IBM AppScan, Tenable etc. is desirable.

  • Possess sufficient familiarity with web applications and databases to effectively work with database and development staff to provide the highest level of application security possible.

  • Ability to set up and configure server hardware a plus.

  • Knowledge Windows and Linux server operating system configuration in order to properly secure these systems.

  • Experience in a network/server administrator role a plus.

  • Experience with VMWare, Windows and Linux server implementation and administration a plus.Microsoft and/or Linux OS certifications a plus.

  • Microsoft and/or Linux OS certifications a plus.

  • Good problem solving skills an ability to work under pressure.

  • Skilled at organizing, prioritizing and multitasking.

  • Protect organization's value by keeping information confidential.

  • Previous experience with the State of Tennessee is desirable.

  • Thorough understanding of AOC and STS security polices and various end user applications are desirable.

  • Experience with backup and recovery software and methodologies.

  • Ability to travel within the state.

  • Ability to lift and transport 75 pounds.

This position requires a criminal background check. Therefore, you will be required to provide information about your criminal history in order to be considered for this position.

Equal Employment Opportunity Employer

Location: Nashville
Department: Technology
Position Available: Immediately
Position Closing: This position will remain open until filled

To Apply

Submit an Application for Employment in PDF, a resume, and three professional references by email to human.resources@tncourts.gov.  The Court System accepts only electronic applicant information saved in PDF format.

Thank you for taking time to submit your information for consideration. Please note that applicants will only receive communication regarding submissions if selected for an interview.

For more information: Email human.resources@tncourts.gov