Security Engineer

About Us

At the Commonwealth of Kentucky, we are committed to enhancing our community through technology and innovation. Our healthcare professionals and application specialists work to ensure the safety and well-being of our residents. If you are seeking a meaningful role where you can make a tangible impact on healthcare and technological advancement, this opportunity may be the perfect fit.

The Opportunity

The Office of Application and Technology Services (OATS) is seeking a highly motivated Information Security Architect to join our team. Reporting to the Chief Information Security Officer (CISO), this role serves as the principal security advisor responsible for planning, designing, implementing, and maintaining security frameworks across the division.

As the Subject Matter Expert (SME) for security operations, you will collaborate with internal development teams and vendor partners to strengthen the security posture of our systems. This role requires expertise in risk assessment, compliance, security architecture, and strategic planning to protect sensitive information and assets.

Key Responsibilities

Security Program Development & Strategy
Assess the current security program, define future security strategies, and develop an implementation roadmap.
Develop key performance indicators (KPIs) to measure security program effectiveness.
Collaborate with division leaders to ensure security initiatives align with business objectives.

Security Policy & Compliance
Design and enforce security policies and procedures aligned with industry best practices.
Ensure compliance with regulatory frameworks such as FISMA, FedRAMP, ISO 27001, NIST, and COBIT.
Provide guidance on security decisions based on organizational vision and mission.

Security Architecture & Infrastructure
Develop a security architecture framework aligned with business and technology needs.
Design security strategies and roadmaps for cloud and on-premise environments.
Establish baseline security configurations for operating systems, network segmentation, and access management.

Risk Assessment & Incident Response
Conduct risk assessments, threat modeling, and vulnerability analysis for applications and services.
Develop and maintain incident response plans to effectively mitigate security threats.
Perform forensic investigations to analyze and prevent future security incidents.

Collaboration & Secure Development
Work closely with DevOps teams to integrate security best practices into the development lifecycle.
Advocate for secure coding standards and escalate concerns regarding insecure coding practices.
Partner with privacy and compliance teams to safeguard sensitive data.

Security Awareness & Training
Develop and deliver security awareness training to educate employees on risks and best practices.
Provide ongoing support to teams regarding security-related inquiries.

Preferred Qualifications

Education & Experience
Bachelor's degree in Computer Science, Information Security, or a related field (advanced degree preferred).
5+ years of experience in information security architecture, design, and implementation.
Strong background in security regulations, compliance, and risk management.

Certifications (Preferred but Not Required)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information System Auditor (CISA)
Other relevant security certifications

Technical & Leadership Skills
In-depth knowledge of network security, encryption, authentication, and identity management.
Experience implementing security tools and technologies (firewalls, IDS/IPS, endpoint protection, etc.).
Strong communication skills to translate security concepts for technical and non-technical stakeholders.
Ability to work independently and lead security initiatives across teams.
Strong problem-solving and analytical skills with an innovative mindset.

Job Type: Contract

Pay: $50.00 per hour

Schedule:
Monday to Friday

Work Location: Remote