JOB PURPOSE AND SUMMARY
This position is responsible for all aspects of information and network security within the Agency, including the administration of applicable security technologies, proactive monitoring of all information technology assets for potential security issues, identity and access management activities, as well as the application of security best practices to mitigate risks within the organization. This position performs at a moderate level of complexity with proficiency under general supervision.
- Responsible for administering, monitoring, maintaining of security systems.
- Assist with coordinating the implementation of security system(s) and upgrades to systems as needed.
- Assist security configurations related to Identity and Access Management and other security systems.
- Manage and support the Identity and Access Management and other security technologies within the team's jurisdiction.
- Participate in the implementation of low to moderate complexity security initiatives.
- Monitor compliance and adherence to agency security policies and assist with violation investigations.
- Perform ongoing oversight of the vulnerability and security-patch management process.
- Manage end user requests and act as liaison between end users and development; establish role definitions within Identity and Access Management systems.
- Access review of user account privileges and activity for designated systems.
- Monitoring and processing of configuration change and service desk requests to facilitate timely resolution.
- Implement and maintain the controls and procedures required to protect the Agency's information system assets in a cost-effective and uniform manner.
- Responsible for performing root cause analysis (RCA) of events and incidents.
- Perform risk analysis to identify any security issues that could lead to lost or stolen data.
- Deploy and administer vendor and internally developed software and procedures to address security requirements.
- Perform analysis, documentation, and testing of enhancements associated with new or existing application functionality.
- Perform unit testing of system modifications to ensure that the specifications are met, and that there is no unexpected or adverse impact on system performance and functionality.
- Responsible for application documentation for both technical and functional purposes.
- Provide support and collect evidence for internal and external audits.
- Assist with maintaining and testing the department's Disaster Recovery and Business Continuity Plan.
EDUCATION AND EXPERIENCE
Minimum qualifications: Bachelors degree or equivalent and two to five years of experience in information security, specializing in information security, or any combination of knowledge, skills, and abilities.
- Proven ability to identify, engage, and coordinate escalation teams to resolve issues in accordance to security objectives.
- Demonstrated ability to challenge the status quo, identify issues, and provide viable suggestions to improve.
- Demonstrated ability to accept personal accountability and ownership for areas of responsible. Pursue solutions and make decisions.
- Ability to analyze complex information.
- Possess a high level of integrity and ethics.
- Demonstrated exceptional communication skills.
- Proficient knowledge of Microsoft Suite.
- Effective skills with time management, organization and prioritization.
- Proficient with the implementation of security principles, risk assessment policies and standards, information security best practices, products and technologies, defense-in-depth strategies, and network technologies.
- Knowledge and experience in several of the following areas: access control, application development, database, encryption, network, security controls, security frameworks such as NIST, server hardening, and server patching technologies.