Performs tasks and procedures to secure system and data resources. Assists in development and deployment of security tools, services, and solutions in support of agency business objectives.
This class is intended for use at the entry- to mid- level.
Implements and monitors information security and IT threat management for the agency. Works in a team setting to achieve security objectives and address technology, system, and program risks. Researches information security events, incidents, and issues to isolate and identify root or systemic causes. Aids in the development of solutions to resolve identified risks or assists with developing risk mitigation strategies. Assists business, operational, and technical teams with translating security requirements into functional specifications. Assists with the analysis and development of security plans for various systems. Assists in developing, deploying, and assessing security configurations and controls for on-premises and hosted (i.e., cloud) infrastructure services, operating systems, applications, networking, and telecommunications equipment. Assists in developing technical documentation (designs, specifications, processes, and workflows) and communications. Carries out procedures to ensure that all systems, products, and services meet agency approved security standards. Assists business units and operational teams with information security risk assessments. Works with customers and management to identify, select, and implement technical and procedural security controls. Assists with information security training and awareness programs.
Knowledge of system and network security for common operating systems and local area networks. Familiarity with security tools and technologies to deploy, manage, measure and audit system and network security. Basic understanding of application, hosted service, and cloud security principles. Ability to contribute to the development of detailed technical documentation on security processes and procedures. Basic analytical and problem-solving skills. Basic knowledge and understanding of information risks concepts and principles as a means of relating business needs and security controls. Ability to communicate with audiences with varying levels of technical knowledge. Basic knowledge of project management.
May require specific information security certifications designated by the hiring agency.
A bachelor's degree in information technology systems, computer science, or a related field and experience in the information technology field to include experience in a security-focused role. Relevant experience may be substituted for the bachelor's degree on a year-for-year basis.