Conduct security assessments and design reviews
Risk assessments are performed including design reviews for all software, hardware, new systems/applications, and changes to existing systems/applications to ensure the organization is not allowing unacceptable risk.
Maintain security solutions and tools
As the technical owner of assigned security solutions and tools, this position will use their deep understanding and knowledge of their assigned security tools to ensure they are working and meeting security requirements. Such measures/solutions and tools can include, but not limited to: static and dynamic application test tools, firewalls, vulnerability scanners, Security Incident and Event Management (SIEM), Cloud Access Security Broker (CASB), static and dynamic application security testing and data encryption programs.
Develop organization–wide policy, security standards, specifications, and controls
Development of organization-wide standards, specifications and security controls that are in compliance with laws and standards the organization is under.
Evaluate technical security controls
Individually, leads or works with a team to evaluate current and new security controls for systems to validate effectiveness of technical and administrative as designed. As a result, the testing will identify, document and remediate risks
Detects threats and intrusions
Activities in logs are being reviewed and analyzed so that intrusions and threat are identified and mitigations enacted to secure the organizations computing environment. Once discovered these issues are addressed.
Conducts response to cyber security incidents including forensic analysis
Security issues are resolved and communicated in a consistent and reliable manner providing a secure application development environment that produces functional and secure software that improves user efficiency.
This position is issued a cellular phone and email device and is expected to monitor it Monday through Friday, 8:00 a.m. to 5:00 p.m., and periodically when off duty and respond to notices and/or calls within two hours. Occasional off-shift or weekend work may be necessary.
- Bachelor’s degree in Computer science, cybersecurity, information technology, or other related fields.
- 5 years of cybersecurity experience
- Acceptable certifications may replace 3 years of experience. Examples of certification are but not limited to:
- (ISC)2 (CISSP,CCSP,CISSP-ISSAP) ISACA(CISM) COMPTIA(SECURITY+,CYSA,PENTEST+)