IT Security Engineer II or III

Salary : $94,644.00 - $163,600.00 Annually Location : Kennewick, WA Job Type: Full Time, Regular, Exempt Job Number: 202600007 Department: IT Infrastructure Opening Date: 02/12/2026 Closing Date: 3/8/2026 11:59 PM Pacific FLSA: Exempt Bargaining Unit: N/A Hiring Range: $94,644 - $136,333 Equal Opportunity Employer/Veterans/Disabled As of January 1, 2023, Benton PUD will be including a full wage scale or salary range for positions under the salary section shown per the Engrossed Substitute Senate Bill 5761 that amends portions of the Equal Pay and Opportunity Act. Please see the target hiring range for this position under the Position Purpose/Summary section. Position Purpose/SummaryProtect Critical Infrastructure. Defend What Matters. Full-Time Exempt | Mid to Senior Level | Growth Opportunity Cyber threats are evolving. Critical infrastructure is increasingly targeted. At Benton PUD, security isn't just an IT function - it's a public trust. We are looking for a highly motivated, technically elite IT Security Engineer who is passionate about cybersecurity, IT/OT environments, network architecture, and physical security systems. This is a leadership-level role responsible for safeguarding essential services that power and support our community. This is more than a job - it's a mission. You'll work alongside professionals who care deeply about protecting essential services and strengthening infrastructure that thousands rely on every day. If you're a security professional who thrives on challenge, takes ownership of risk mitigation, and wants to help keep Benton PUD safe from emerging threats - we encourage you to apply. Join us. Protect what powers our community. The successful candidate will be placed appropriate to their education, experience and ability to perform the specific position accountabilities. Range for IT Security Engineer II: $94,644 to $135,206 (Hiring Target Range is $94,644 to $112,672) Range for IT Security Engineer III: $114,520 to $163,600 (Hiring Target Range is $114,520 to $136,333) The primary purpose of this position is to support or lead the District's cyber and physical security programs with a strong emphasis on Cybersecurity. This role is responsible for designing, implementing, and maintaining secure architectures that protect Benton PUD's IT, OT, and physical infrastructure. The IT Security Engineer II or III serves as a technical authority for enterprise security systems, ensuring resiliency, compliance, and risk reduction across digital and physical environments, including substations, facilities, networks, systems, and critical infrastructure; developing and carrying out information and physical security plans and policies. AccountabilitiesSupport the District's mission to serve our customers and foster a positive workplace by personally choosing behavior aligned with our values and ethical code. Monitor, audit, and execute security controls and tools to maintain network security by identifying potential security issues to include performing network security threat/impact assessments and scans, recommending security measures, installing and monitoring security devices, and installing patches, and updates as needed; lead mitigation efforts to remediate discovered security deficiencies. Manage the risk of security exposure or compromise within District systems by providing awareness training on information security standards, policies and best practices. Participate as a key member of the Security Incident Response Team by leading investigations and incident response activities, ensuring IR plan is followed and liaising with external support entities such as E-ISAC, DHS, PURMS, etc., as appropriate. Provide guidance and recommendations to ensure the security and resiliency of the converged IT/OT and physical security systems. Ensure a resilient network infrastructure by supporting implementation and securing design principles in network infrastructure and helping establish and verify secure network components and secure communications channels as per design. Establish and maintain logging, monitoring, alerting, and threat-hunting capabilities across cyber and physical security platforms. Monitor and respond to notifications or indications of compromise. Ensure resiliency of secure network authentication and access by supporting design and implementing appropriate encrypted communication methods. Develop, review and assist CISO in standards and policies for cybersecurity practices in both IT and OT environments, working closely with other stakeholders and groups to build out best practices and manageable criteria for increasing security posture. Oversee and technically manage enterprise physical security systems including access control systems (ACS), surveillance cameras, intrusion detection, duress/panic systems, and emergency notification platforms. Ensure the District achieves and maintains mandated compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), NERC CIP, and PCI-DSS by supporting implementation of a comprehensive network security architecture and adhering to internal District security policies. Perform vulnerability assessments, security risk assessments, system audits and penetration testing activities to test and audit existing or proposed systems, networks, functions or software: recommend changes in identified design gaps; and lead remediation or mitigation efforts. Guide program improvement by performing annual security posture assessment and developing tasks and plans to increase posture based on findings and focus areas. Respond to security threats and alerts during and after hours for the purpose of resolving immediate security concerns. Oversee security-related incident reporting and response, conduct after-action review, direct investigations of all security-related incidents; demonstrate sound judgement in working with federal, state, and local law enforcement for potential criminal investigations. Collaborate with internal departments, utilities, vendors, and external agencies to enhance overall security posture and resilience. Complete special projects and other duties as assigned to meet team, department and organization goals. Level III Additional Accountabilities Lead District efforts to achieve and maintain mandated compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), NERC CIP, and PCI-DSS by designing and implementing a comprehensive network security architecture and adhering to internal District security policies. Perform or lead vulnerability assessments, security risk assessments, system audits and penetration testing activities to test and audit existing or proposed systems, networks, functions or software: recommend changes in identified design gaps; and lead remediation or mitigation efforts. Guide program improvement by leading annual security posture assessment and developing tasks and plans to increase posture based on findings and focus areas. Lead investigations regarding suspected malware or phishing attacks and follow digital forensics best practices when handling potential evidence or sensitive information whose integrity must be maintained. Respond to security threats and alerts during and after hours for the purpose of resolving immediate security concerns. Minimum Qualifications, Experience and CertificationsEducation and Experience: Required:IT Security Engineer II BA/BS - Computer Science, Cyber Security or related field 3 to 4 years of experience in implementation, theory and troubleshooting as a security engineer with a strong networking background. IT Security Engineer III BA/BS - Computer Science, Cyber Security or related field 5 to 7 years of experience in implementation, theory and troubleshooting as a security engineer with a strong networking background. Education Substitution: BA/BS is preferred; however, substitution is allowed for those with an approved job-related certification and at least an AA degree, with two (2) additional years of directly related experience Licensing or Certifications: Preferred: Certifications in 1 or more of the following: Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Cisco Certified CyberOps Associate (CCNA), Certified Information Systems Security Professional (CISSP). Knowledge, Skills and Abilities: Cybersecurity & IT/OT In-depth knowledge in server operating systems (Linux, Windows) In-depth experience with security testing (DoS, XRSF, XXS, Brute Force) In-depth knowledge of a SIEM application In-depth knowledge of Network Management Software and Monitoring Tools In-depth knowledge of Data Loss Prevention, Intrusion Detection and Intrusion Prevention In-depth knowledge of Automated security testing software In-depth knowledge of Forensic investigation and analysis Network Experience with network protocols and architectures (TCP/IP, VLANs, routing protocols, DNS, DHCP). Experience configuring, maintaining, and securing enterprise networking equipment and firewalls. Physical Security Knowledge of electronic and mechanical physical security systems, including access control, video surveillance, intrusion detection, and audit logging. Experience integrating physical security platforms with IT and cybersecurity monitoring systems. Knowledge of risk, vulnerability, and threat assessment methodologies. General Strong problem-solving skills to effectively research, investigate and offer solutions to issues that are more complex and difficult in nature Good verbal and written communication skills with the ability to communicate security-related concepts to a broad range of technical and non-technical staff to include leadership Ability to stay current with technology and apply training and experience to real world problems Highly motivated and independent strategist capable of creating and implementing comprehensive security policies ADA RequirementAttendance: Consistent need to attend work at the job site or work location. Frequent or constant need for punctuality. Physical Effort: Most all of the time is spent sitting in the same position or standing/walking, or there is some requirement to lift or handle material or equipment of moderate weight (8 - 20 pounds, sometimes more). Environment: Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable. Hazards: Most of the time is spent in general office or equivalent conditions. Sensory Attention: Typically requires regular use of one or more senses of medium intensity and long duration. Job Pressure/Deadline Orientation: Must meet reasonable deadlines, quotas or demands for accuracy and/or may be involved in some mildly unpleasant situations. Applications may be filed online at: Questions? Contact Amber Melling via phone at (509) 585-2291 or email at Benton PUD's Total Pay Approach provides a comprehensive package that includes compensation, benefits, retirement plans, and employee development. We have a variety of programs and options to fit your needs, including: Health and Life Benefits: Medical (PPO or CDHP) Dental Vision Employee Life and AD&D Insurance Dependent Life Insurance Short Term Disability Long Term Disability Retirement Benefits: Washington Public Employees' Retirement System (PERS) 457 and 401(a) Deferred Compensation Plans with Company Contribution Saving/Spending Accounts: VEBA Health Reimbursement - to reimburse yourself for medical expenses or save for the cost of medical at retirement Flexible Spending Accounts Health Care Spending Account Dependent Care Spending Account Paid Time Off Personal Leave - accruals increase with years of service 13 Paid Holidays New Years Day President's Day Memorial Day Independence Day Labor Day Veteran's Day Thanksgiving Day Christmas Day 5 Floating Holidays Other benefits include: Safety Incentives Wellness Incentives Alternative Work Schedules Employee Assistance Program Tuition Assistance Program Training and Development Opportunities Leadership Training Community Engagement Casual Work Attire Some of these benefits may not apply to temporary or on call positions. 01 What is your highest level of education? High School Diploma or GED AA/AS in Computer Science, Cyber Security or related field BA/BS in Computer Science, Cyber Security or related field Masters or higher in Computer Science, Cyber Security or related field Other Degree or Certifications 02 How many years of experience do you have in design, implementation, theory and troubleshooting as a security engineer with a strong networking background? No experience 1 to 2 years of experience 3 to 4 years of experience 5 to 7 years of experience 8 or more years of experience 03 Do you have any of the following certifications? Please select all that apply: Cisco Certified Network Associate (CCNA) Cisco Certified Network Professional (CCNP) Cisco Certified CyberOps Associate (CBROPS) Certified Information Systems Security Professional (CISSP) None of the Above 04 What is your experience level with current Windows/Linux server operating systems? Basic knowledge Intermediate knowledge Advanced knowledge 05 Do you have experience with security testing (DoS, XRSF, XXS, Brute Force)? Yes No 06 Do you have experience with SIEM applications? Yes No 07 Do you have experience with Network management Software and Monitoring Tools? Yes No 08 Do you have in-depth knowledge of network protocols and architectures (TCP/IP, VLANs, routing protocols, DNS, DHCP)? Yes No 09 Do you have experience configuring, maintaining, and securing enterprise networking equipment and firewalls? Yes No 10 Do you have experience with electronic and mechanical physical security systems, including access control, video surveillance, intrusion detection, and audit logging? Yes No Required Question

Created: 2026-03-04