POSITION SUMMARY:
Under the
direction of the Director of Technology Operations, the Senior Information
Security Lead will administer the PGCPS cybersecurity program by identifying
and remediating security vulnerabilities as well as ensuring that related security
policies and procedures are maintained and current. The incumbent will
coordinate a cross-functional team focused on various layers of security in
improving the overall information security posture of PGCPS. The Senior
Information Security Lead will perform a wide variety of advanced technical and
administrative duties related to the identification and mitigation of potential
information system weaknesses and risks, manage research and analysis projects
and make informed recommendations to management.
DUTIES and RESPONSIBILITIES: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.
Plans,
develops and executes vulnerability scans of organization information systems;
works with system owner to remediate vulnerabilities;
Identifies
and resolves false positive findings in assessment results;
Leads a
cross-functional team of engineers and technicians working with the
organization’s various information systems on cybersecurity issues;
Coordinates
with other departments to ensure proper strategic planning, resource allocation
and effective security risk mitigation;
Identifies
potential weaknesses and vulnerabilities on assets (i.e., end points,
applications, users);
Validates
weaknesses via exploitation and reports their findings and recommendations;
Performs
reconnaissance and information collection on the target environment or attack
surface;
Updates
related technology security policies and procedures; creates new policies and
procedures as needed;
Designs
and implements security controls and/or corrective actions for mitigating technical
and business risk;
Generates
reports on assessment findings and summarizes to facilitate remediation tasks;
and
Performs
other duties as assigned.
QUALIFICATIONS:The requirements listed below are representative of the knowledge, skill, and/or ability required.
Highest level of technical expertise in
cybersecurity, including deep familiarity with relevant penetration and
intrusion techniques and attack vectors;
Strong understanding of web
technologies; understanding of compliance and regulatory requirements;
Solid grasp of core security
fundamentals and concepts; understanding of business needs;
Familiarity with the Open Web
Application Security Project (OWASP) top 10 vulnerabilities
Expertise with vulnerability scanning
software, asset identification software; expertise with offensive tools such
as: Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool;
Proficient at creating script regular
expressions in preferred scripting language;
Technical expertise in system security
vulnerabilities and remediation techniques, network and web-related protocols
(e.g., TCP/IP, UDP, IPSEC, HTTP, etc.);
Excellent problem-solving and
communications skills; and
Technical expertise in security
engineering, system and network security, authentication and security protocols.
EDUCATION and/or EXPERIENCE REQUIREMENTS:
Bachelor’s degree from an accredited college or
university in computer science, information security or a related field required;
Master’s degree preferred. A minimum of five
(5) years of experience in information security performing vulnerability scans,
penetration testing, or in a similar role required. A minimum of three (3) years of experience
with developing and/or maintaining security policies and procedures preferred.
CERTIFICATION REQUIREMENTS:
Certified
Ethical Hacker (CEH), GIAC Certified Pen Tester (GPEN), GIAC Exploit Researcher
and Advanced Penetration Tester (GXPN), Offensive Certified Security
Professional (OSCP), Offensive Security Certified (OSC) or equivalent
certification preferred.
SUPERVISORY RESPONSIBILITIES:
May supervise other employees and assist the Director in
providing guidance and direction to the department.
PHYSICAL DEMANDS:
The physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is frequently required to stand, talk, hear, walk, sit, and use fingers, tools or controls. The employee is occasionally required to reach with hands and arms and stoop, kneel, crouch, or crawl. Specific vision abilities required by this job include close vision such as to read handwritten or typed material, the ability to adjust focus, and depth perception. While performing the duties of this job, the employee may occasionally push or lift up to 25 lbs.
WORKING ENVIRONMENT:
The work environment characteristics are representative of those an employee encounters while performing the essential functions of the job.
ADDITIONAL INFORMATION:
None.