Cyber Security Specialist

The Idaho Judicial Branch is seeking a highly skilled Cybersecurity Specialist to join our team. The position plays a key role in assessing, strengthening, and documenting the cybersecurity posture of our organization.

IMPORTANT NOTES - Read Fully:

1 - This is ONLY budgeted as a 4-month position. Candidates you submit MUST be aware of this and MUST be Ok with accepting a position that will only run for 4-months in duration.

2 - This position requires ONSITE work in a hybrid schedule. Ideally the client would like someone who can be there 3-days per week onsite, however they can be somewhat flexible with the onsite schedule. Fully remote is NOT an option for this position. Please only submit candidates local to Boise who are able to commit to working onsite in a hybrid schedule.

3 - Please answer all questions in the Questions section appropriately. If you do not answer the questions as required, your candidate will not be considered for screening.

JOB DETAILS:

This Cybersecurity Specialist will be responsible for implementing security best practices, identifying vulnerabilities, and ensuring compliance with legal and regulatory requirements. The position requires strong documentation and writing skills as well as the ability to collaborate effectively with IT, cybersecurity, and business stakeholders.

Key Responsibilities:

Cybersecurity Risk Assessment & Remediation: Conduct thorough assessments of the organization's current security posture, identifying vulnerabilities and implementing remediation measures to mitigate risks.

Security Architecture & Solution Design: Assist in designing and implementing security controls and systems to protect critical assets, data, and networks.

Incident Response Support: Support incident response efforts by identifying and addressing potential security threats, conducting root cause analysis, and assisting with incident reporting and recovery efforts.

Documentation & Reporting: Create and maintain clear, detailed security documentation, including policies, procedures, and incident reports. Ensure that security measures are clearly documented for internal and external stakeholders.

Collaboration with Stakeholders: Work closely with IT, cybersecurity teams, and business units to ensure alignment of cybersecurity initiatives with organizational goals and regulatory requirements.

Compliance Assurance: Ensure that cybersecurity policies and practices are aligned with applicable legal and regulatory requirements (e.g., GDPR, HIPAA, NIST).

Training & Awareness: Provide support for developing training materials and conducting awareness sessions on security best practices for various stakeholders across the organization.

Security Monitoring: Assist in configuring and monitoring security tools (e.g., SIEM, IDS/IPS, EDR) to proactively detect and mitigate security threats.

Required Skills and Experience:

Cybersecurity Expertise: A minimum of 4-6 years of hands-on experience in the field of cybersecurity, with a strong understanding of threat detection, vulnerability management, risk assessment, and incident response.

Technical Proficiency:

· Experience with SIEM tools, IDS/IPS systems, firewalls, endpoint protection, and network security.

· Familiarity with data encryption techniques, secure network design, and cloud security principles.

Strong Documentation & Writing Skills:

· Proven ability to create clear, concise, and detailed documentation, including incident reports, security policies, procedures, and technical designs.

· Ability to communicate complex security concepts to both technical and non-technical stakeholders in an understandable and actionable way.

Compliance & Regulatory Knowledge:

· Knowledge of key cybersecurity frameworks and compliance requirements, such as NIST, ISO/IEC 27001, GDPR, and HIPAA.

· Experience ensuring security measures meet regulatory and legal standards.

Collaboration & Communication Skills:

· Strong interpersonal and communication skills to effectively collaborate with cross-functional teams (IT, legal, compliance, and business units).

· Ability to work with stakeholders to understand business needs and align security initiatives accordingly.

Risk Management & Incident Response:

· Experience in identifying and managing cybersecurity risks, as well as responding to and mitigating security incidents.

· Ability to support incident response and assist with post-incident analysis and reporting.\u2028

Preferred Skills and Experience:

· Certifications: Relevant certifications such as CISSP, CISM, CISA, CompTIA Security , CEH (Certified Ethical Hacker), or similar.

· Cloud Security: Experience securing cloud environments such as AWS, Azure, or Google Cloud, and using cloud-native security tools.

· Attention to Detail: Precision and accuracy in documentation, analysis, and implementation of security measures.

· Adaptability & Problem Solving: Ability to quickly adapt to new security challenges, troubleshoot complex issues, and come up with effective solutions.

· Project Management Skills: Ability to prioritize tasks, manage deadlines, and work independently or as part of a team to achieve objectives in a timely manner.

· Analytical Mindset: Ability to assess security risks and vulnerabilities and develop strategies for remediation.

Required/Desired Skills

SkillRequired /DesiredAmountCandidate Experience

Incident response

Required

5

Years

Firewall, IDS/IPS

Required

3

Years

SIEM

Required

2

Years

Endpoint Detection and Response (EDR), Managed Detection and Response (MDR)

Required

2

Years

Vulnerability management

Required

2

Years

Security Awareness and Training

Required

1

Years

Compliance with and assessment against security frameworks such as NIST 800-53, NIST CSG, CIS Top 18

Required

3

Years

Cloud security

Required

1

Years

Project management

Highly desired

1

Years

Certifications such as CISSP, CISM, CISA, or GIAC GCIH

Nice to have

1

Months

Exceptional communication skills (both written and verbal) are required for this position.

Required

0

Questions

No.QuestionCandidate Answer

Question1

Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you agree to this requirement?

Question2

What is your candidate's email address?

Question3

Have you completed and submitted the Right to Represent form, making sure to do so exactly as instructed? The form is located at https://www.cai.io/media/documents/msp/id/idaho_e-rtr_template.doc.

Question5

Respond to this question with a link to your candidate's LinkedIn Profile.

Question6

This is a SHORT-TERM position. The position is only budgeted for a duration of 4 months. You MUST make the candidate aware of this short-term expectation. Please confirm you have discussed this short-term duration with your candidate and they accept this requirement.

Question7

ONSITE work is required in a hybrid schedule for this position. Selected resource will ideally work 3 days/week in the office and the other 2 days remote. However, the client can be somewhat flexible with the onsite weekly hybrid schedule. Because of onsite requirement and short term duration, local candidates should be submitted. Fully remote IS NOT an option. Confirm you've discussed this with your candidate and accept this requirement.

Question8

ANSWER APPROPRIATELY: What hybrid schedule is your candidate able to commit to if selected (for example, 3 days onsite per week, 2 days onsite, 1 day onsite per week, etc). If you do not answer this question appropriately, we will not consider your candidate for screening.

Question9

All local candidates submitted MUST be able to attend an IN-PERSON interview at the client location if selected to interview. Please confirm you have discussed this with your candidate and they are able to make an in-person interview if selected by the client for an interview.

Question10

Please SPECIFY the CITY and STATE in which your candidate is CURRENTLY located (if not specified or if location specified is determined to be untrue at any point during the screening/interview/onboarding process - INCLUDING DURING BACKGROUND CHECK WHICH WILL CONFIRM TRUE ADDRESS - your candidate will not be considered/will be removed from consideration for the position).

Question11

All WORK HISTORY and EDUCATION listed on resume WILL BE VERIFIED during the background check process for your candidate. Please confirm you and the candidate understand this, and the information presented on the resume is true and accurate.

Question12

PROVIDE ANSWER FROM THE CANDIDATE for CONSIDERATION: Have you ever created an incident response plan and what was your direct involvement?

Question13

PROVIDE ANSWER FROM THE CANDIDATE for CONSIDERATION: What specific security tools have you had hands-on experience with and what was your direct experience with either implementing or maintaining each?

Question14

Please prepare your candidate that they may receive a screening call from someone at CAI at any point between the time of submittal through close of business, Friday, April 4, to discuss their qualifications for this position. Please MAKE SURE THEY ARE PREPARED FOR THIS CALL and are PREPARED TO GIVE US YOUR COMPANY's NAME as the vendor that submitted them for this position. Please confirm you have discussed this with them and they will be prepared for a potential screening call from CAI.