POSITION: Senior Information Security Lead
ORGANIZATION / LOCATION: Technology Operations
REPORTS TO: Director – Technology Operations
REVISION / REVIEW DATE:
JOB CODE:66
UNION: ASASP_III
CLASSIFICATION: ASASP Unit III
GRADE: 32
POSITION SUMMARY:Under the direction of the Director of Technology Operations, the Senior Information Security Lead will administer the PGCPS cybersecurity program by identifying and remediating security vulnerabilities as well as ensuring that related security policies and procedures are maintained and current. The incumbent will coordinate a cross-functional team focused on various layers of security in improving the overall information security posture of PGCPS. The Senior Information Security Lead will perform a wide variety of advanced technical and administrative duties related to the identification and mitigation of potential information system weaknesses and risks, manage research and analysis projects and make informed recommendations to management.
DUTIES AND RESPONSIBILITIES Plans,
develops and executes vulnerability scans of organization information systems;
works with system owner to remediate vulnerabilities; Identifies
and resolves false positive findings in assessment results; Leads a
cross-functional team of engineers and technicians working with the
organization’s various information systems on cybersecurity issues; Coordinates
with other departments to ensure proper strategic planning, resource allocation
and effective security risk mitigation; Identifies
potential weaknesses and vulnerabilities on assets (i.e., end points,
applications, users); Validates
weaknesses via exploitation and reports their findings and recommendations; Performs
reconnaissance and information collection on the target environment or attack
surface; Updates
related technology security policies and procedures; creates new policies and
procedures as needed; Designs
and implements security controls and/or corrective actions for mitigating technical
and business risk; Generates
reports on assessment findings and summarizes to facilitate remediation tasks;
and Performs
other duties as assigned.
QUALIFICATIONS Highest level of technical expertise in
cybersecurity, including deep familiarity with relevant penetration and
intrusion techniques and attack vectors; Strong understanding of web
technologies; understanding of compliance and regulatory requirements; Solid grasp of core security
fundamentals and concepts; understanding of business needs; Familiarity with the Open Web
Application Security Project (OWASP) top 10 vulnerabilities Expertise with vulnerability scanning
software, asset identification software; expertise with offensive tools such
as: Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool; Proficient at creating script regular
expressions in preferred scripting language; Technical expertise in system security
vulnerabilities and remediation techniques, network and web-related protocols
(e.g., TCP/IP, UDP, IPSEC, HTTP, etc.); Excellent problem-solving and
communications skills; and Technical expertise in security
engineering, system and network security, authentication and security protocols.
EDUCATION and/or EXPERIENCE REQUIREMENTS: Bachelor’s degree from an accredited college or university in computer science, information security or a related field required; Master’s degree preferred. A minimum of five (5) years of experience in information security performing vulnerability scans, penetration testing, or in a similar role required. A minimum of three (3) years of experience with developing and/or maintaining security policies and procedures preferred.
CERTIFICATION REQUIREMENTS: Certified Ethical Hacker (CEH), GIAC Certified Pen Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Certified Security Professional (OSCP), Offensive Security Certified (OSC) or equivalent certification preferred.
SUPERVISORY RESPONSIBILITIES: May supervise other employees and assist the Director in providing guidance and direction to the department.
PHYSICAL DEMANDS: The physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand, talk, hear, walk, sit, and use fingers, tools or controls. The employee is occasionally required to reach with hands and arms and stoop, kneel, crouch, or crawl. Specific vision abilities required by this job include close vision such as to read handwritten or typed material, the ability to adjust focus, and depth perception. While performing the duties of this job, the employee may occasionally push or lift up to 25 lbs.
WORKING ENVIRONMENT: Normal
ADDITIONAL INFORMATION: None.
Prince George’s County Public Schools • www.pgcps.org • 14201 School Lane, Upper Marlboro, MD 20772