City of Tucson

SECURITY ADMINISTRATOR (#0771)

$25.70-$45.16 Hourly / $53,456.00-$93,932.00 Yearly
Salary Grade: 715


General Description

This position is responsible for actively upholding the City’s stated mission and values. This position is also responsible to support and administer the City’s information security program and management infrastructure that ensures technology risks are identified and managed according to established risk policies and guidelines.

Regulatory compliance: PCI, HIPPA, CJIS, FTC Red Flags Rule.

Distinguishing Characteristics

Work is widely varied, involving analyzing and evaluating many complex and significant variables. City-wide policies, procedures, or precedents may be developed and recommended.

Configuring security systems, analyzing security requirements, and recommending improvements. Monitoring network traffic for suspicious behavior. Creating network policies and authorization roles and defending against unauthorized access, modifications, and destruction.

Essential Functions

Receive alerts and updates from agencies and respond with the appropriate action.

 

Meet with team/staff to share information, meetings with management, cross-training.

 

Work on projects regarding life-cycle, new systems, and software, other proposed department improvements.

 

Regulatory Compliance

Knowledge/Skills/Abilities

Knowledge of, or ability to learn, policies, procedures, and guidelines established by professional organizations

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution, etc.)

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit, etc.)

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)

Skill in talking to others to convey information effectively

Skill in analyzing and organizing technical data

Skill in using computer applications including spreadsheet, database, and word processing software
Skill in the use of penetration testing tools and techniques
Skill in performing the packet-level analysis (e.g., Wireshark, TCP-dump, etc.)Skill in performing damage assessments

Skill in the use of social engineering techniques

Ability to process information logically

Ability to analyze, organize, and prioritize work while meeting multiple deadlines

Ability to develop, interpret, and evaluate policies and procedures

Minimum Qualifications

EDUCATION LEVEL & TYPE: Bachelor’s degree from an accredited college or university with major course work in computer information systems, business administration, public administration or a degree related to the core functions of this position

EXPERIENCE:

Five (5) to Seven (7) years of professional-level experience in computer network and IT systems security associated with a large organization. One year of experience administering security-specific hardware required.

Environment/Working Conditions

This position operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines.

Physical Demand/Levels

This position would require the ability to Sit, Stand, Bend, Reach, View Monitors, Use Repetitive Motions, as well as Talking, Listening, Customer/Client Contact.

Other Information

FLSA Status: Exempt

Occupational Group Code:  06

Occupational Group Description: Data Processing

EEO Job Category Code: B

EEO Job Category Description: Officials and Administrators

Organizational Level: Administrator/Program Officer

NCCI: 8810

Bargaining Unit: No Representation 

Driving Requirements

Driving Level: Incidental

License Type: Valid and Unrestricted Class D – Driver

CDL Endorsements: No

Safety Sensitive (driving requirement):  No

Job Description Disclaimer

This description is not intended to limit or in any way, modify the right of management to assign, direct, and control the work of employees under supervision. The listing of duties and responsibilities shall not be held to exclude other duties not mentioned that are of similar kind or level of difficulty. They are intended to describe the general nature and level of work being performed by individuals assigned to this position.

We are an Equal Opportunity Employer. 

 


CLASS: 0771; EST: 4/15/2020; REV: 4/15/2020;