Red Team Engineer (Enterprise Information Security Professional 1)

Job Description

About Us :

The Ohio Department of Administrative Services (DAS), Office of Information Technology (OIT) is seeking an experienced and motivated professional to serve as a Red Team Engineer (Enterprise Security Professional 1) for the Office of Information Security and Privacy (OISP) team within the Office of Information Technology at DAS.

Led by Director Kathleen C. Madden, the Ohio Department of Administrative Services is the engine of state government, providing innovative solutions and supporting the efficient operation of state agencies, boards and commissions. The Office of Information Technology at DAS delivers information technology (IT) and telecommunication services to State of Ohio agencies, boards and commissions.

What You'll Do :

Under general supervision in the Office of Information Security and Privacy, identifies weaknesses in the State's security controls as well as the State's detection and response capabilities by :

• Conducts exercises emulating adversaries' operations.
• Identifies and uncovers misconfigurations in the State's network.
• Evaluates the security of the State's websites to discover otherwise unknown security issues.
• Conducts penetration tests and / or coordinates with external penetration testing partners to verify vulnerabilities are exploitable.
• Presents findings to stakeholders and advises on corrective measures on vulnerabilities.
• Engineers offensive security solutions to exploit IT infrastructure and application weaknesses.
• Collaborates with other technical resources to develop and implement mitigation strategies for discovered vulnerabilities.
• Monitors and evaluates the effectiveness of the enterprise's cybersecurity safeguards vis-à-vis findings to ensure that findings from exercise are adequately addressed.
• Identifies, collects, and reports metrics related to progress, operations, and findings.
• Works with agencies on requests for regulatory penetration testing to ensure that their testing is adequate.
• Conducts efforts to evaluate, recommend & implement IT security standards & best practices to remediate discovered vulnerabilities.
• Conducts threat or target analysis of cyber defense information and production of threat information within the enterprise.

Performs other duties as assigned.

Position may require flexible schedule to include evening, weekends or call-in to meet urgent business needs.

What's in it for you :

At the State of Ohio, we take care of the team that cares for Ohioans. We provide a variety of quality, competitive benefits to eligible full-time and part-time employees. For a list of all the State of Ohio Benefits, visit our Total Rewards website ! Our benefits package includes :

Medical Coverage

Dental, Vision and Basic Life Insurance

Time Away From Work and Work / Life Balance

Employee Development Funds

Ohio Public Employees Retirement System

Deferred Compensation

Ohio is a Disability Inclusion State and strives to be a Model Employer of Individuals with disabilities. The State of Ohio is committed to providing access and inclusion and reasonable accommodation in its services, activities, programs and employment opportunities in accordance with the Americans with Disabilities Act (ADA) and other applicable laws.

Qualifications

Minimum Qualifications :

Completion of undergraduate core coursework in computer science; 12 mos. trg. or 12 mos. exp. in computer data security either through monitoring system / network traffic for anomalous activity, systems development or controlling accessibility of data.

Job Skills : Cybersecurity, Information Technology, Critical Thinking

Knowledge :

1. Computer science, computer security best practices

2. Cyber security policy development and business / IT planning

3. Network security measures, equipment & software

4. Federal statutes, laws, regulations, policies, & guidelines pertaining to computer security

5. Technical writing techniques

6. TCP / IP protocols and computer hardware systems

7. Integration of firewalls, intrusion detection / prevention systems, users' authentication systems, virtual private networks

8. Computer networking both wired & wireless

9. Disaster recovery planning

10. Security architecture

11. Division & agency policies & procedures

12. Information security program management and project management principles and techniques.

13. Enterprise incident response program, roles, and responsibilities.

14. Penetration testing principles, tools, and techniques

15. `Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Skills

1. Operation of personal computer & associated hardware / software

2. Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes

3. Use of penetration testing tools and techniques

4. Use of social engineering techniques

5. Use of vulnerability scanning tools

6. Software development and scripting

Abilities :

1. Interpret extensive variety of technical material in books, manuals, & network / system diagrams

2. Apply techniques for conducting host and network-based intrusions using offensive security technologies

3. Apply techniques for detecting host and network-based intrusions using intrusion detection technologies

Supplemental Information

Applying for Position :