Direct Client: Office of the Attorney General of Texas (OAG)
Solicitation #302CSD2129
Title: DLP/CASB Security Architect/Engineer
Location: OAG-CSD State Office located at 5500 E. Oltorf St, Austin, TX 78741 / Telecommuting
Duration: Until 8/31/2021, with possible extension up to 8/31/2022
Last date for submission: May 28, 2021 (2:00 PM CST)
DESCRIPTION OF SERVICES:
Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) are key solution focus areas within the Enterprise Information Security (EIS) division. The Security Analyst will lead the DLP/CASB architecture, and design and implement use cases tailored to monitor and protect our hybrid data center and cloud environments while improving our overall security posture.
Ideally, we are looking for a DLP/CASB Architect and Engineer with hands-on experience in data protection products such as Netskope (CASB), Prisma SaaS (CASB), Microsoft (DLP/CASB), Forcepoint (DLP/CASB), and Symantec/Broadcom (DLP/CASB).
This person will need to have hands-on experience with DLP/CASB including:
• Work closely with business units to review and understand data protection requirements for new and in-flight projects and initiatives; articulate the impacts clearly and concisely, recommend solutions, and offer practical suggestions for remediation activities
• Work closely with business units on the deployment and operation of data protection technology
• Manage the configuration, testing, and deployment of policy rules to mitigate the agency's data protection risk
• Design and build Data Protection infrastructure and solutions to align with program objectives, policies, procedures, and technical control requirements
• Write and define solution requirements and identify the business value
• Define key performance indicators (KPIs) and key risk indicators (KRIs) for data governance and protection controls
• Define/create operational and strategic metrics for the data protection program
• Work in a collaborative cross-matrix environment and be able to build and maintain key relationships throughout the agency
CANDIDATE SKILLS AND QUALIFICATIONS
Minimum Requirements:
Years | Required/Preferred | Experience
8 | Required | Experience working in the cybersecurity space
6 | Required | Experience with Data Loss Prevention / Cloud Access Security Broker products (e.g., Symantec, Microsoft, Bitglass, Netskope)
5 | Required | Experience with vulnerability management systems (e.g., Rapid7, Tenable/Nessus scanning, Qualys); establishing a vulnerability management program using systematic scanning, risk evaluation, and coordination to remediate or mitigate identified vulnerabilities
5 | Required | Experience with Endpoint Detection and Response (e.g., Endgame, CrowdStrike, Cybereason); detecting and responding to alerts from EDR tools
5 | Required | Experience prioritizing top threats and their likelihood across data loss vectors
5 | Required | Experience developing API use cases, scenarios, and requirements in support of integrations with other platforms
5 | Required | Strong verbal/written communication and interpersonal skills, needed to document and communicate findings, escalate critical incidents, and lead and work as part of a team
5 | Required | Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
5 | Required | Ensuring proper metrics, analysis, and reporting for continuous process improvement; providing escalation support and documenting resolutions for improvement
5 | Required | Monitoring external data sources (e.g., cyber defense vendor sites, US-CERT, OpDivs, Computer Emergency Response Teams, SecurityFocus) to maintain currency of the cyber defense threat condition and determine issues that would impact the enterprise
5 | Required | Experience creating, documenting, and maintaining policies, procedures, and workflows
4 | Required | Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field; a Master's degree is a plus
1 | Required | CISSP, CCSP, CEH, or equivalent certification
7 | Preferred | Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
7 | Preferred | Solid understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST, PCI DSS, HIPAA, CIS Critical Controls)
5 | Preferred | Experience with email threat management (e.g., Proofpoint, Mimecast, Microsoft)
5 | Preferred | Experience with cloud enterprise network security (e.g., Cisco Umbrella, Palo Alto Networks, Zscaler)
5 | Preferred | Experience with SIEM engineering, design, management, and analysis (e.g., Splunk, Rapid7, Sumo Logic)
5 | Preferred | Running the Incident Response Team (IRT) and its procedures within the SOC division
5 | Preferred | Performing real-time cyber defense incident handling tasks (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation)
3 | Preferred | Understanding of cloud-based platforms such as AWS, Azure, and/or Google Cloud
3 | Preferred | Experience performing forensics using toolkits such as FTK or Autopsy
1 | Preferred | OSCP, CISM, GSEC, CEH, CISA, CCSP, or CNFE
1 | Preferred | Symantec Certified Specialist (CloudSOC, DLP); Microsoft 365 Certified: Security Administrator Associate