Cyber Security Engineer III (Hybrid Nashville)

At CoreCivic, our employees are driven by a deep sense of service, high standards of professionalism and a responsibility to better the public good.

CoreCivic is currently seeking a Cyber Security Engineer III. The position is located at our corporate office in Nashville, TN (Brentwood area).

Come join a team that is dedicated to making an impact for the people and communities we serve.

This is a hybrid position with 3 days per week in-office and 2 days remote. It is based in Nashville, Tennessee.

Who We Are :

CoreCivic is a diversified government solutions company with the scale and experience needed to solve tough government challenges in cost-effective ways.

We provide a broad range of solutions to government partners that serve the public good through high-quality corrections and detention management, innovative and cost-saving government real estate solutions, and a growing network of residential reentry centers to help address America’s recidivism crisis.

We are the nation's largest owner of partnership correctional, detention and residential reentry facilities and have been a flexible and dependable partner for government for more than 30 years.

What We Have :

• More than just a job but the start of a successful career!
• Supportive environment where employee growth is promoted.
• Comprehensive benefits package & competitive wages.
• PTO & paid holidays.
• Paid job training & other great incentives.

What You Get To Do :

The Cyber Security Engineer III provides a detailed level of engineering support for all information security tools by determining security requirements, planning, implementing, and administering security systems.

Assists in the development and implementation of security policies, procedures and measures in a secure environment. Mentors team members on use of security tools and new security technologies.

• Determines security requirements by evaluating business strategies and needs.
• Researches information security standards, conducts in depth system security reviews, vulnerability analyses and risk assessments.
• Studies security architecture / platform to identify integration issues or opportunities and prepares cost estimates.
• Mentors and trains cybersecurity team on security tools and security best practices.
• Responsible for administration, data ingestion, parsing, dashboard design, and custom searches of company SIEM.
• Conducts periodic independent security audits including NIST, HIPAA and SOX audits and all internal controls compliance programs.

Generates reports as needed from the various security systems to support regulatory compliance.

• Investigates known or suspected security incidents and performs thorough threat hunting and remediation using cybersecurity tools.
• Responsible for firewall and URL filtering configuration, maintenance, monitoring, and various other security measures.
• Responsible for Identity and Access Management.
• Responsible for Endpoint Detection and Response administration.
• Responsible for security setup, maintenance, and monitoring in Azure / M365 cloud environment.
• Evaluates and recommends security products for various platforms to support the company.
• Conducts training sessions with various audiences, provides support, and educates users on security policies and consults on security initiatives and issues.
• Researches emerging technologies and maintains awareness of current security risks in support of security enhancement and development efforts.

Participates in educational opportunities, professional networks, and professional organizations.

• Troubleshoots assigned work tickets supporting daily operations and problems as they occur as well as provide 24 / 7 on-call support rotation.
• Domestic U.S. travel required

Qualifications :

Graduate from an accredited college or university with a Bachelor's degree in Cybersecurity or another related field is required.

Seven years of Cybersecurity experience is required. Additional years of related experience may be substituted for the required education on a year-for-year basis.

• A current and valid certificate as a Certified Information Systems Security Professional (CISSP) is preferred.
• Experience using Security Incident / Event Management (SIEM) systems to search and analyze data providing insights to act on.
• Experience with vulnerability scanners to detect network / security vulnerabilities and provide corrective actions.
• Experience administering Cloud-based systems e.g. Microsoft and AWS is preferred. Possess thorough knowledge of network protocols, network design, and IP sub-netting.
• Experience with NIST and Zero Trust is preferred.
• Must demonstrate a deep understanding of security knowledge and the ability to work independently and interact with the network team and other teams in a fast-paced, ever-changing environment.
• Proficiency in Microsoft Office applications is required.

CoreCivic is a Drug-Free Workplace and EOE including Disability / Veteran