Job Description
Job Overview
Responsible for the performance of highly complex cyber security functions related to the design, installation, maintenance, auditing, investigation, and assessment of software applications, networks, and the County's enterprise level information systems. Responsible for proactively identifying and implementing security measures to prevent emerging vulnerabilities, utilizing a diverse array of tools and methodologies. Incumbent will use sound judgement to assess risk, conduct audits, collect and review data, collaborate with other technology divisions, and write reports to advise leadership.
Starting Salary
$75,129 - $97,676
Minimum Qualifications
- Bachelor's degree from an accredited college or university with a major in information security or another similar technology field; AND
- Three years of experience in information security system administration and risk assessment within an enterprise environment, encompassing third-party risk, risk analysis, risk mitigation, and residual risk management;
- Three years of experience leveraging industry-leading cybersecurity tools (SIEM, EDR, vulnerability scanning, and web application security) for comprehensive threat detection and mitigation; OR
- An equivalent combination of education (not less than a high school diploma/GED), training and experience that would reasonably be expected to provide the job-related competencies noted above.
Core Competencies
- Customer Commitment - Proactively seeks to understand the needs of the customers and provide the highest standards of service.
- Dedication to Professionalism and Integrity - Demonstrates and promotes fair, honest, professional and ethical behaviors that establish trust throughout the organization and with the public we serve.
- Organizational Excellence - Takes ownership for excellence through one's personal effectiveness and dedication to the continuous improvement of our operations.
- Success through Teamwork - Collaborates and builds partnerships through trust and the open exchange of diverse ideas and perspectives to achieve organizational goals.
Duties and Responsibilities
Note: The following duties are illustrative and not exhaustive. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position. Depending on assigned area of responsibility, incumbents in the position may perform one or more of the activities described below:
- Conduct thorough assessments of software applications, networks, and systems to identify security vulnerabilities and weaknesses.
- Utilize various tools and methodologies to perform vulnerability scanning, penetration testing, and code review.
- Collaborate with cross-functional teams to prioritize and mitigate vulnerabilities based on their potential impact and risk.
- Provide detailed reports outlining vulnerabilities, including their potential impact and recommendations for remediation.
- Work closely with developers and system administrators to verify implementation of security patches, fixes, and improvements.
- Participate in designing and implementing security measures to prevent future vulnerabilities.
- Stay updated with the latest security threats, attack vectors, and industry best practices to identify and address emerging vulnerabilities proactively.
- Assist in incident response activities, analyzing security incidents to determine the root cause and providing recommendations for prevention.
- Use frameworks such as MITRE ATT&CK to map adversary tactics and techniques and design hunting scenarios based on threat actor behavior.
- Collaborate with incident response teams to validate incidents, identify root causes, and assist with post-mortem analysis.
- Other related duties as assigned.
Job Specifications
Critical Thinking:
Exceptional critical thinking and situational awareness skills to identify systemic security issues through vulnerability and configuration data analysis.
Decision Making:
Demonstrates high personal integrity and the ability to handle confidential matters with sound judgment and professionalism.
Communication:
Proficient communication skills to effectively collaborate with both technical and non-technical stakeholders. Provide detailed reports outlining vulnerabilities, including their potential impact and recommendations for remediation.
Strategic Planning:
Stay updated with the latest security threats, attack vectors, and industry best practices to identify and address emerging vulnerabilities proactively.
Managerial/Operational Skills:
Work closely with developers and system administrators to verify implementation of security patches, fixes, and improvements. Participate in designing and implementing security measures to prevent future vulnerabilities.
Leadership:
Capable of serving as a Cyber Security Subject Matter Expert (SME) for externally managed technology projects from various departments.
Analytical Ability:
Excellent critical thinking and situational awareness skills to identify systemic security issues through vulnerability and configuration data analysis.
Managing Complexity:
Extensive knowledge of cybersecurity best practices, including familiarity with CIS Critical Controls, NIST Cybersecurity Framework (CSF), MITRE ATT&CK Framework. Utilize various tools and methodologies to perform vulnerability scanning, penetration testing, and code review.
Other:
Hands-on experience in incident response and recovery, utilizing MITRE and security best-practice assessment methodologies.
Physical Requirements
Speaking, vision, hearing, sitting, and standing. Use of office machinery such as PCs, Smart Phones, Tablets, and multi-function devices.
Work Category
Sedentary Work - Exerting up to 10 pounds of force occasionally, and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Emergency Management Responsibilities
In the event of an emergency or disaster, an employee may be required to respond promptly to duties and responsibilities as assigned by the employee's department, the County's Office of Emergency Management, or County Administration. Such assignments may be for before, during or after the emergency/disaster.