Senior IT Security Engineer
County of Marin - san rafael, CA
Apply NowJob Description
Salary : $112,086.00 - $135,603.00 Annually Location : San Rafael, CA Job Type: Full Time, Regular Remote Employment: Flexible/Hybrid Job Number: Department: Information Services and Technology Opening Date: 08/12/2024 Closing Date: Continuous Vacancies: 1 Weekly Schedule: 37.5 hours Equal Employment Opportunity (EEO): The County of Marin is an Equal Opportunity Employer. Persons of color, women, individuals with disabilities, veterans, and adults of all ages are strongly encouraged to apply. Individuals with Disabilities: If you are a person with a disability and are unable to complete an online application or require an accommodation to participate in a recruitment, you must contact Human Resources at least five work days in advance of the testing step or interview. Please contact the Human Resources Staffing Division at (415) (CRS DIAL 711) . ABOUT US About the Information Service and Technology (IST) Department : Marin County IST connects the people of Marin with their government by providing innovative products and services tailored to the needs of our departments and communities accessible anytime, anywhere. We provide centralized IT services to County departments across four key areas: Business Solutions Delivery, Enterprise Platforms & Services, Information Security & Compliance, and IT Governance & Operations. In addition to a that includes Medical, Dental, Vision, Pension/Retirement, deferred compensation, and flexible spending accounts, we offer our employees: Hybrid (telework/onsite) work schedules Options for Alternative Work Schedules (such as 4-5/9's) A culture of public service collaboration and work/life balance Training and career development opportunities County benefits such as Employee Assistance Program (EAP) and Tuition Assistance Program (TAP) About the Information Security Team: Our team is responsible for managing technical security systems, operating the security operations center, responding to potential security incidents, conducting risk and vulnerability assessments, and designing and providing end-user cybersecurity awareness education and training. ABOUT THE POSITION There is currently one vacancy for a Senior Systems Engineer on the IST Security Team. Reporting to the Information Security Manager, this engineer monitors, addresses, and resolves departmental and enterprise IT security issues. They identify potential threats, mitigate security risks, and audit a variety of systems for compliance. They also work with IST and other county departments to implement information security standards, best practices, and controls, and develop and provide information security awareness education and training to ensure widespread adoption. In the course of their work, the Senior IT Security Engineer's will: Build, implement, and monitor new security controls, processes, and tools. Automate security tasks to improve efficiency. Respond to security incidents, coordinate responses across teams, and develop plans to improve future incident response. Perform security assessments and penetration-testing to find weaknesses in existing systems. Monitor networks and systems for potential threats, using tools like SIEM (Security Information and Event Management) to detect and analyze security events. Build and maintain security architecture. Create strategies and protocols to protect against cyber security attacks. Research the latest security threats, vulnerabilities, and technologies to maintain effective protection. Work closely with different departments and teams to integrate security measures into the organization's overall technology strategy. The Senior Systems Engineer (SSE) is the technical specialist level in the series, and they focus on creating and executing project plans, leading project teams under direction, and has a higher level of technical knowledge and skills. Remote Work Options: Some duties for this position may be performed remotely and options for a hybrid (telework/onsite) work schedule are available . However, the successful candidate must be able to report to County facilities for various meetings and work assignments upon short notice, as needed and when deemed appropriate. ABOUT YOU Our Highly Qualified Candidate: In the cybersecurity field, you often need to make high-stakes decisions with limited resources, information, and time. As such, ideal candidate for this team can thrive under stress, maintain a calm demeanor, and manage multiple issues concurrently. They apply strong communication skills to their work with a variety of technical and non-technical users, including IST team members, County employees, and vendors. Information Security certifications such as CISSP, CISM, CompTIA Security, and/or CCSP are not required but highly desired. Additionally, this engineer is significantly experienced in the following: Working in Microsoft 365, Active Directory, and Group Policy Monitoring endpoints, servers, networks, and applications for potential security threats. Investigating, documenting, and responding to security incidents, often on short notice. Working with technical security systems such as SIEM, firewalls, endpoint security, vulnerability management, patch management, PKI, and cloud security management. Working with end-user security awareness and training platforms. Performing security audits, testing, and internal risk assessments using standard industry frameworks. Using administrative tools to configure policies for enterprise security platforms both on-premises and in the cloud. Writing scripts to automate security operations tasks. Supporting security policies, standards, guidelines, and procedures to ensure ongoing security compliance. Working effectively both with team members and with minimal supervision. Participating in IT Security projects SENIOR SYSTEMS ENGINEER QUALIFICATIONS Knowledge of: Application analysis, design, programming, testing, and debugging. Computer hardware platforms, operating systems, and middleware systems. Information Security Principles. Principles of customer support and service. Principles and practices of technical problem solving. Testing standards and procedures. Principles and practices of project management, work planning, and status reporting. Business processes, operating practices, and the organizational structure of a public-sector agency. Principles and techniques of application and systems analysis and design. Ability to: Analyze and resolve problems in applications, and software and hardware integration. Apply technology to provide business solutions. Work effectively with clients, peers, and support teams to ensure that tasks are completed accurately and in a timely manner. Communicate effectively both orally and in writing. Evaluate and select hardware and software and work effectively with vendors to integrate solutions. Analyze and resolve complex problems, including applications, and hardware and software integrations. Work effectively with clients, peers, and support teams to define business requirements, provide support for software, hardware, and applications, and ensure that tasks are completed accurately and in a timely manner. Design systems that meet defined requirements, and document system designs for development, implementation, testing and client use. Research potential solutions and make recommendations for implementation; and apply technology to provide business solutions. Develop solutions and recommend technology to provide target business outcomes. MINIMUM QUALIFICATIONS Any six-year combination of professional experience, certification, and/or relevant coursework that demonstrates the necessary knowledge and abilities. Examples include: Twelve (12) semester units of coursework from an accredited program and in a discipline relevant to the assignment is equivalent to a full year of related professional experience. A completed certification program relevant to the assignment and knowledge and abilities necessary of the role. A training program with evidence of completion providing the knowledge and abilities necessary of the role. An internship and/or apprenticeship providing the required knowledge and abilities of the role. Relevant professional experience demonstrating knowledge and abilities necessary of the role. For the IT Security Assignment at this level, candidates should have at least one year of experience working directly with cybersecurity systems and platforms. Special Sub-class Recruitments: Recruitments for positions in this class may be conducted according to the program or department in which a vacancy exists and the special certificates, licenses and/or experience requirements of the position. SPECIAL REQUIREMENTS: Candidates selected are subject to fingerprinting by the Sheriff's Department and must pass a Department of Justice LiveScan background check prior to appointment. IMPORTANT INFORMATION Open & Continuous Recruitments: Because this recruitment is Open and Continuous, applicants are encouraged to submit completed applications as soon as possible. The filing period for an Open and Continuous recruitment may be closed at any time. For first consideration, apply by 11:59 PM on Monday, August 26th, 2024. All applicants will receive email notifications regarding their status in the recruitment process. Please be sure to check your spam settings to allow our emails to reach you. You may also log into your account to view these emails. Testing and Eligible List: Depending on the number of qualified applications received, the examination may consist of a highly qualified review, application screening, online assessment, written examination, oral examination, performance examination, or any combination to determine which candidates' names will be placed on the eligible list. The eligible list established from this recruitment may be used to fill the current vacancy, and any future vacancies for open, fixed-term, full-time or part-time positions which may occur while the list remains active. Disaster Service Workers: All County of Marin employees are designated Disaster Service Workers through state and local law (California Government Code Section ). Employment with the County requires the affirmation of a loyalty oath to this effect. Employees are required to complete all Disaster Service Worker-related training as assigned, and to return to work as ordered in the event of an emergency. Equal Employment Opportunity Employer: If you have questions regarding equal employment opportunities, please contact Roger Crawford, Equal Employment Opportunity Director, at . If you have questions concerning this position announcement, please contact Catherine Heckendorf at . PLEASE NOTE : The benefits described herein do not apply to temporary (contingent) or to part-time employees that work less than 50%. COUNTY OF MARIN BENEFITS: GENERAL Below are some of the excellent benefits the County offers. More information about our benefits can be found on the Paid Time Off : Competitive vacation accrual; 12 holidays per year; and generous sick leave accruals. Additional types of paid leaves are available for some bargaining units. Health Plan : Choice of four health plans (two Kaiser HMOs, Western Health Advantage HMO, and an Anthem Blue Cross PPO) along with dental through Delta Dental PPO, and vision through Vision Service Plan (VSP). There is a County contribution toward the premiums (the contribution amount varies depending on coverage tier elected such as employee only, employee + 1, employee + family). Plus, the County offers excellent Life Insurance, Disability, Flexible Spending Plans, a Dependent Care Assistance Program, professional development and more. Retirement : Defined benefit plan under the County Employees Retirement Act of 1937. More information can be found . IRS 457 Plan : Choice of pre-tax or post-tax (Roth) employee contribution up to the IRS annual maximum. Retiree Medical : The County provides access to group health plan coverage to eligible retirees. For specific questions regarding the employment process, please contact Human Resources at (415) . For additional details about the benefits or retirement, please contact the Benefits Division at (415) . *IMPORTANT NOTE: Benefits described herein do not represent a contract and may be changed without notice. 01 QUALIFYING EDUCATION/EXPERIENCE: The minimum qualifications for the position are as follows: The Minimum Qualifications for these positions are: Any six-year combination of professional experience, certification, and/or relevant coursework that demonstrates the necessary knowledge and abilities. Examples include: Twelve (12) semester units of coursework from an accredited program and in a discipline relevant to the assignment is equivalent to a full year of related professional experience. A completed certification program relevant to the assignment and knowledge and abilities necessary of the role. A training program with evidence of completion providing the knowledge and abilities necessary of the role. An internship and/or apprenticeship providing the required knowledge and abilities of the role. Relevant professional experience demonstrating knowledge and abilities necessary of the role For the IT Security Assignment at this level, candidates should have at least one year of experience working directly with cybersecurity systems and platforms. My relevant education, including degree(s) and major(s) of study or coursework is listed in the Education section of the standard application. Yes No (Not Applicable) 02 If relevant, any certifications or trainings related to the assignment are listed in the Certificates and Licenses section of the standard application. Yes No (Not Applicable) 03 My relevant professional level experience is listed in the Work Experience section of the standard application. Yes No (Not Applicable) 04 Please list any relevant certifications you have, including certifications related to Information Security such as CISSP, CISM, CompTIA Security+, and/or CCSP. In your response, please include the certification name and duration of the training period. This information must also be included in the Certificates & Licenses section of the application. If you do not possess relevant certifications, please state "N/A." 05 Please describe your experience with Information Security tools such as: Security Information and Event Management (SIEM), phishing attack detection and prevention, vulnerability management, cloud security management portal, and using scripts to automate security tasks. In your response, please include: The organization(s) where you performed this work The hardware, software, and tools you used How long you worked with the system(s) in months or years Your role in this work, including supervisory or lead responsibilities If you do not possess this experience, please state "N/A." 06 Please include any other information related to how you meet the above minimum qualifications in the textbox below, or state N/A. 07 NARRATIVE QUESTIONS Please answer all questions below with as much detail as possible. Please describe your experience conducting security risk assessments including internal risk assessment and vendor risk assessment. Your response should include: The organization(s) where you performed this work Which software, tools, standards, and frameworks you used How long you performed this work (in months or years) Your role in this work If you do not possess this experience, please state "N/A." 08 Please describe a security project in which you were involved. Your response should include: A description of the project The organization where this project was implemented Which platforms, tools, and techniques you used The make-up of the team and your role in the project If you do not possess this experience, please state N/A. Required Question
Created: 2024-11-05