Graduation from an accredited four-year college or university with major coursework in cybersecurity, information technology security, computer engineering, computer information systems, computer science, management information systems or a related field. Full-time qualifying work experience may be substituted for each year of the required
education (one year = 30 semester hours).
Certified Information System Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Cloud Security Professional (CCSP), Certification as a Certified Information Systems Auditor (CISA), SANS GIAC Systems and Network Auditor (GSNA), or equivalent
Certification.
Experience in cybersecurity analysis, or information security analysis.
Experience in security and/or enterprise architecture development, implementation, and management.
Experience in conducting security risk assessments and/or audits of policies, standards, procedures, and technical environments within state and federal statutes, regulations, and standards relating to information security and computer crime.
Excellent communication and presentation skills with the ability to articulate technical issues to all levels.
Strong consultative, analytical and problem-solving skills.
Skill in applying and incorporating information technologies into proposed solutions.
Skill in translating operational requirements into protection needs (i.e., security controls) and to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-
repudiation).
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Skill in applying network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth); to identify critical infrastructure systems with information communication technology that were designed without system security considerations.