The Office of Management and Enterprise Services is seeking an experienced Information Security Technician. This is a full time, unclassified position in state government and will be eligible for a generous total rewards package. Benefits include medical, dental, life, and disability insurance products as well as defined benefit and defined contribution retirement plans. Employees earn 3 weeks paid annual and 3 weeks sick leave in the first year as well as enjoy 11 paid holidays annually, flexible work hours, comp time, longevity pay and tuition reimbursement.
This position will administer and oversee information security systems and tools required to protect critical state assets. This position requires an individual knowledgeable in Access Control Systems; Systems Development; Business Continuity & Disaster Recovery Planning; Incident Response & Management; Forensic Security Investigations; Telecommunications, Network & Internet Security; and Security Tools for Defense in Depth. The primary focus of this position is on the integrity of the infrastructure and the processes required for delivering applications and services throughout OSF, as well as various state government networks and environments, including those managed and operated by third parties.
• Coordinate requests from agencies related to security issues and questions.
• Support the OSF information security architecture and coordinate related activities with other State Agencies and Entities.
• Coordinate and support technologies used to defend and support our information security architecture and infrastructure.
• Support intrusion detection and intrusion prevention (IDS & IPS) systems to identify vulnerabilities, attack patterns and signatures for the detection and prevention of service intrusions, interruptions and/or denial of service incidents.
• Respond to information security incidents for OSF and other the agencies to comply with our statewide and Agency Information Security policy, procedures and guidelines.
• Coordinate incident management procedures, including incident response and investigation, reporting to the appropriate authorities and utilizing forensic best practices as needs dictate.
• Research and stay current on the latest information security technologies.
• Coordinate and support information security policies, procedures, standards and guidelines.
• Provide support for the business continuity and disaster recovery planning, development and testing processes.
• Provide information security awareness education and training for OSF and other state agencies or entities.
• Other duties as assigned.
Supervisory Responsibilities: This position oversees other staff responsible for information security projects and related activities.
Bachelor’s degree in Computer Sciences, Business, Engineering or related discipline with an information technology focus is preferred and a minimum of two years of experience in information security administration or similar operations, maintenance and support of the duties and technologies described in the position purpose and principal activities; or an equivalent combination of education and experience, substituting one year of experience in Computer Science, Information Technology, Application development, or closely related field for each required year of education.
Preference may be given to applicants who possess the following:
- A minimum of two years experience in the configuration and support of security technologies such as Symantec, Nessus, and Nexpose by Rapid7.
- A minimum of two years experience in the configuration and support of intrusion detection and intrusion prevention systems.
Proficient with network scanning, vulnerability assessment and network penetration testing tools.
- Proficiency or exposure to Ruby Programming and Ruby on Rails application development and troubleshooting.
- Experience identifying, trouble-shooting and resolving security issues related to network devices, servers and PC’s.
- Certification as an information systems security professional from an accredited certification organization, such as ISC2, ISACA or SANS.