City of Tucson

This position is responsible for actively upholding the City’s stated mission and values. This position is also responsible to support and administer the City’s information security program and management infrastructure that ensures technology risks are identified and managed according to established risk policies and guidelines.

Regulatory compliance: PCI, HIPPA, CJIS, FTC Red Flags Rule.

Work is widely varied, involving analyzing and evaluating many complex and significant variables. City-wide policies, procedures, or precedents may be developed and recommended.

Configuring security systems, analyzing security requirements, and recommending improvements. Monitoring network traffic for suspicious behavior. Creating network policies and authorization roles and defending against unauthorized access, modifications, and destruction.

Knowledge of, or ability to learn, policies, procedures, and guidelines established by professional organizations

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution, etc.)

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code)

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit, etc.)

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)

Skill in talking to others to convey information effectively

Skill in analyzing and organizing technical data

EDUCATION LEVEL & TYPE: Bachelor’s degree from an accredited college or university with major course work in computer information systems, business administration, public administration or a degree related to the core functions of this position

EXPERIENCE:

Five (5) to Seven (7) years of professional-level experience in computer network and IT systems security associated with a large organization. One year of experience administering security-specific hardware required.

This position operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines.

This position would require the ability to Sit, Stand, Bend, Reach, View Monitors, Use Repetitive Motions, as well as Talking, Listening, Customer/Client Contact.

FLSA Status: Exempt

Occupational Group Code:  06

Occupational Group Description: Data Processing

EEO Job Category Code: B

EEO Job Category Description: Officials and Administrators

Organizational Level: Administrator/Program Officer

NCCI: 8810

Bargaining Unit: No Representation 

Driving Level: Incidental

License Type: Valid and Unrestricted Class D – Driver

CDL Endorsements: No

Safety Sensitive (driving requirement):  No

This description is not intended to limit or in any way, modify the right of management to assign, direct, and control the work of employees under supervision. The listing of duties and responsibilities shall not be held to exclude other duties not mentioned that are of similar kind or level of difficulty. They are intended to describe the general nature and level of work being performed by individuals assigned to this position.

We are an Equal Opportunity Employer.