Performs tasks and procedures to secure system and data resources. Develops processes and routines to deploy security tools, services, and solutions in support of agency business objectives.
This class is intended for use at the mid-level with the ability to operate with minimal supervision and at times, independently.
Implements processes and routines to achieve security objectives and address information system risks. Gathers, compiles, and synthesizes information for security processes or systems. Contributes to the enhancement of existing security technical and procedural controls. Develops and deploys new security controls in absence of existing or defined security controls. Assesses security requirements of information systems and translates those requirements into functional specifications. Oversees or implements solutions to enhance system security. Measures and reports on the effectiveness of security solutions and risk mitigation strategies. Contributes to the overall information security program through integration of security requirements and design considerations within the system development life cycle of agency technology platforms and applications. Participates in the development of strategies and plans to achieve security goals and address agency information technology risks. Develops, assesses, and measures baseline security configurations for on-premises and hosted (i.e., cloud) technology services, operating systems, applications, networking, and related equipment. Develops technical documentation (designs, specifications, processes, workflows) and communications. Participates in creating and executing security plans and procedures to ensure that all systems, products, and services meet agency security standards and service objectives. Analyzes current security processes and procedures to identify and make formal recommendations towards gains in security, efficiency, and cost savings. Consults with users and management to implement and improve security controls, processes, and routines. Facilitates delivery and tracking of information security training and awareness programs.
Knowledge of system and network security for common operating systems and local area networks. Ability to independently deploy, manage, measure, and audit system and network security. Broad knowledge of application, hosted service, and cloud security principles. Knowledge of information risk concepts and principles, with the ability to relate them to business needs and security controls. Ability to communicate with audiences with varying levels of technical knowledge. Moderate knowledge of project management and solution delivery.
A bachelor's degree in information technology systems, computer science, or a related field and experience in the information technology field to include experience in a security-focused role. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.