Recruitment #2104-0771-001
Date Opened | 4/5/2021 5:30:00 PM |
---|---|
Close Date | 4/18/2021 11:59:00 PM |
HR Analyst | Shelly Urias |
Analyst Phone/Email | Shelly Urias/Shelly.Urias@tucsonaz.gov |
Salary | $53,456.00 - $93,932.00/year**Salary in accordance with Administrative Directives** |
Salary Grade | 110 |
Department | Information Technology |
Job Type | Open to All Applicants (External, Internal) |
Employment Type |
Full-Time
|
with proven success in the realm of Cyber and Information Systems Security to join our Cyber Security Team.
The Information Technology Department is in the midst of transformational change and is working to reinforce the cyber security posture of the City by bringing on additional talent. The ideal candidate will have strong technical, analytical, and communication skills and a high degree of initiative. The diversity of business functions within the City makes for a dynamic work environment that is both challenging and rewarding. Security Administrators will interact regularly with co-workers in other Divisions of the IT Department, customer departments, external agencies, contractors, and citizens in conveying technical information. Therefore, a person in this position must be able to communicate courteously and effectively with both technical and non-technical individuals.
This position is responsible for actively upholding the City’s stated mission and values. This position is also responsible to support and administer the City’s information security program and management infrastructure that ensures technology risks are identified and managed according to established risk policies and guidelines.
Regulatory compliance: PCI, HIPPA, CJIS, FTC Red Flags Rule.
Primary Responsibilities
· Assists in the development and implementation of information security procedures, policies and system security plans.
· Responsible for conducting security and compliance audits, security audit log reviews, and comprehensive investigation and remediation of computer security incidents.
· Analyze existing practices and recommend new policies and procedures based on the dynamically changing information technology environment.
· Contributes to information system and application hardening configurations in accordance with the City’s cybersecurity standards.
· Run compliance and vulnerability scans on systems, analyze the findings, and work with IT Department teams to apply applicable remediation manually or via administrative tools
· Provide customer service to end users of the information systems for cyber security-related requests and issues such as data transfers, user account management activities, software approval requests, and end user cyber security training.
· Assist with product research and testing utilizing open-source resources as well as coordination with appropriate vendors
· Respond to Cyber Security alerts and conduct investigations under the direction of Section’s IT Manager – Monitoring, responding, investigating SIEM, WAF, IDS alerts/alarms and MS-ISAC ALBERT alerts.
· Instructs users on the importance of good cyber hygiene and administers security phishing and email awareness training for the city of Tucson.
· Participate in the various department processes and procedures such as Change Control reviews and asset inventory reviews.
· Recommend, oversee, and provide guidance for best practice configurations and implementations for new software solutions to stay abreast of the ever-evolving landscape of cyber attacks to advise on potential threats and solutions.
· Coordination with the various divisions and sections within the IT Department to address remediation of vulnerabilities, policy violations, and directives.
· Security governance project coordination and vendor management for 3rd party security affiliations.
· Cylance AV monitoring, maintenance, requests and response.
· Other duties, as assigned.
Work is widely varied, involving analyzing and evaluating many complex and significant variables. City-wide policies, procedures, or precedents may be developed and recommended. Configuring security systems, analyzing security requirements, and recommending improvements.
Knowledge of, or ability to
learn, policies, procedures, and guidelines established by professional
organizations
Knowledge of different classes
of attacks (e.g., passive, active, insider, close-in, distribution, etc.)
Knowledge of system and
application security threats and vulnerabilities (e.g., buffer overflow, mobile
code, cross-site scripting, PL/SQL and injections, race conditions, covert
channel, replay, return-oriented attacks, and malicious code)
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit, etc.)
Knowledge of general attack
stages (e.g., foot printing and scanning, enumeration, gaining access,
escalation of privileges, maintaining access, network exploitation, covering
tracks, etc.)
Knowledge of what constitutes a
network attack and the relationship to both threats and vulnerabilities
Knowledge of network security
architecture concepts including topology, protocols, components, and principles
(e.g., application of Defense-in-Depth)
Skill in talking to others to
convey information effectively
Skill in analyzing and
organizing technical data
Skill in the use of social
engineering techniques
Ability to process information
logically
Ability to analyze, organize,
and prioritize work while meeting multiple deadlines
Ability to develop, interpret, and evaluate policies and procedures
EDUCATION LEVEL & TYPE: Bachelor’s degree from an accredited college or university with major course work in computer information systems, business administration, public administration or a degree related to the core functions of this position
EXPERIENCE: Five (5) to Seven (7) years of professional-level experience in computer network and IT systems security associated with a large organization. One year of experience administering security-specific hardware required.
As part of the online application process all applicants are required to submit a resume and cover letter under the "Resume" tab or email to Shelly.Urias@tucsonaz.gov Resumes and cover letters will be reviewed and scored. Please ensure your application contains the required resume and cover letter prior to submission. Applications received without a resume and cover letter will be considered incomplete.
You are highly encouraged to print this bulletin because it
contains important testing dates and information that you will need to refer to
later, as it will not be available after the closing date.
Driving Level: Incidental
License Type: Valid and
Unrestricted Class D – Driver
CDL Endorsements: No
Safety Sensitive (driving requirement): No