Job Classification: ITSS2
Role: IT Security Specialist 2
This is a re-post of 44061. The Manager has made revisions to the job description. All changes have been highlighted.
SPECIAL NOTE: This team is running a 24/7 operation. Consultant may need to come in during incident or emergency situations.
Will Close to Submissions on: 12/15 at 12:00 PM
Interview Process: Local Candidates HIGHLY preferred. In person Interviews will be held on 12/20 or 12/21
Requirement Description:
Security Consultant to help IT Augment the security staff until OIT can take over all Security related needs for the agency.
This position will function as a hands-on, highly-skilled, IT Security Analyst, with specific responsibilities that include:
1. Monitor network and information system activity. Perform event correlation, analysis of malicious activity indicators, based on review and access to multiple security tools and services.
2. Respond to alerts (analyze, interpret, investigate, resolve) based on monitoring activity, for security (malware, malicious actor), and other purposes (malicious activity, misuse, etc.).
3. Manage, update, modify alerts, adjust/fine tune event correlation rules, etc. (e.g. filter false positives, increase accuracy/relevance/effectiveness), create new rules based on threat changes/evolving risk, etc.
4. Understands principles such as SANS/CIS Top 20 Critical Security Controls, and OWASP Top 10 Critical Web Application Security Risks, and applies them using security tools.
5. Functions as project team member, is team-oriented, and capable of extending contribution beyond security functions to support other IT functions.
6. Understands customer support and provides routine security and general support (tickets, ad-hoc requests, etc.) to all DPS departments/users, IT groups/resources, external (other state agencies, public), etc.
7. Uses creativity and innovation to improve security processes and procedures.
8. Perform specialized security functions (e.g. forensics for incident response).
9. SPECIAL NOTE: We are running a 24/7 operation. Consultant may need to come in during incident or emergency situations.
Additional Details:
During the interview process with the ODPS staff, the resource must clearly demonstrate competence/experience in the specific areas of project assignment.
The resource's hands-on experience must also be clearly documented for review and verification.
Offered resources not possessing the required technical or functional competence/experience will be sufficient reason to reject the Offeror’s proposal. It is the responsibility of the Offeror to pre-screen candidates to ensure compliance.
1. Strong communication, proven collaboration and teamwork skills.
2. Ability to work independently and as part of a team, ability to manage time and resources to meet assigned deadlines.
3. Strong understanding of prioritization stemming from the elicitation of system and/or user requirements.
4. Excellent organizational skills, proven analytical, planning, problem solving, and decision-making skills.
5. Knowledgeable in the English language/speak clearly and understandably using the English language. Excellent oral and written skills.
Resource will have a background check conducted by ODPS.
Mandatory Requirements:
1. CISSP Required.
2. 10 Total years IT experience.
3. 8 Years IT security experience.
4. 2 Years hands-on SIEM experience (Q-Radar preferred), and IPS (IBM preferred).
5. 4 Years hands-on experience with Web and Email Filtering and Security (IronPort preferred).
6. 5 Years hands-on experience with Web Application Firewall/Database Activity Monitoring (Imperva preferred).
7. 3 Years hands-on endpoint protection experience (McAfee preferred).
8. 3 year of hands-on vulnerability scanning experience (Qualys preferred).
9. 3 year of hands-on application security scanning experience (AppScan preferred).
10. 6 Years' experience with the full range of system administration and networking tools including DHCP, DNS, Wireshark, Putty, etc.
11. Proven contribution to continuous process improvements to increase the efficiency of section.
12. Excellent communication skills both written and oral.
Desired Skills:
IBM Q-Radar
IronPort Web/Email Security
Imperva
Qualys
McAfee Enterprise solutions
Splunk
IBM IPS
Kali
Penetration testing
PowerShell 3.0 scripting background
ITIL Knowledge and ITSM Tools
