Minimum/General Experience: Five (5) years of technical experience in the analysis, design, and test of information security systems. Requires competence in all phases of security requirements analysis and information security system design, as well as in available products and management practices. Requires understanding of U.S. Government security policy including Department of Defense and appropriate civil agencies such as NIST, as well as commercial “best practices”. Experience includes holding technical responsibility for projects, and a successful history of task accomplishment.
Functional Responsibility:
1. Interpret CDCR, State of California and Federal information security policies, standards and other requirements as they relate to NIST standards and FedRAMP requirements.
2. Coordinate the implementation of the applicable information security policies and other information security requirements.
3. Ensure the security requirements
4. Ensure that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability.
5. Provide highly specialized experience in information, computer, and network security disciplines (e.g. penetration testing, accreditation, or risk assessment and mitigation);
6. Develop system security plans, certification and accreditation reviews;
7. Analyze and establish processes for comprehensive systems and data protection;
8. Assess and mitigate system security threats and risks;
9. Perform security audits, evaluation, risk assessments and make strategic recommendations;
10. Manage, support, install and maintain security tools and systems;
11. Track security patches and incidents.
Required Experience
- Must have a minimum of five (5) years of experience applying security policies, standards, testing, modification and implementation. At least three (3) years of that experience must be in information security analysis.
- Performs standard project tasks to analyze information security requirements, translate these into security designs, implement these designs, and test their effectiveness. Has working knowledge of standard information security products including firewalls, intrusion detection systems, anti-virus systems, vulnerability testing, and security analysis tools.
Education: BS in engineering, computer science, or other applicable technical or analytic discipline. Four (4) years of applicable experience may be substituted for degree.