City of Orlando
 
Job Title   Job Family   Job Code   Job Exempt
Information Systems Security Officer I   Non_Bargaining   CL-AIM40   Y
 
        Pay Grade   Pay Rate Type   Minimum   Midpoint   Maximum
        NB111   Salary   $29.73   $37.90   $46.07
 
Job Description
 
Performs support functions to adhere to the fundamental principles of information security, confidentiality, and integrity. Performs security readiness reviews; conducts periodic security and system audits for internal audit and regulatory compliance; and performs a variety of technical tasks to support the protection of systems and digital assets involving the design, selection, implementation, tuning, and maintenance of security monitoring appliances. Periodically reviews solutions and hardware to ensure a secure configuration has been deployed. Primary duties include identifying possible vulnerabilities and working with functional areas to eliminate or mitigate risks. Is responsible for user provisioning where applicable. Interacts with Applications Development staff, providing consultation, problem resolution, and change management implementation. Collaborates with management and IT Department to improve security. Educates colleagues about security software and best practices for information security. Reports to the Information Security and Compliance Manager. Work is performed under general supervision and is reviewed upon completion through meetings, system performance, and assigned tasks.

Minimum Qualifications:

Bachelor’s Degree with major coursework in Computer Science and at least one (1) year work experience related to IT security, multi-user computer system/network administration, management or support; or an equivalent combination of specifically related education, training, and experience. Must pass a criminal background check.

Additional Qualifications for Promotion

Promotions are not to be considered an automatic function of longevity and are subject to the review and authorization of the Supervisor. The employee’s last performance review must have resulted in an overall rating of Meets standards or better with no factor rating of less than meets.
 
Responsibilities
 
EXAMPLES OF WORK PERFORMED:

Note: The listed duties are only illustrative and are not intended to describe every function that may be performed by this job class. The omission of specific statements does not preclude management from assigning specific duties not listed if such duties are a logical assignment to the position.

Reviews and evaluates operating procedures, security, program, data library control procedures, and backup and disaster recovery procedures.

Controls data, objects, and source movement from development to production environments on AS/400 computer systems in accordance with the change management and ISD established policies and procedures.

Analyzes and develops procedures for movement and compiling of developed applications from a test environment to the live production environment.

Designs, codes, tests, and modifies command language programs as well as logical, physical, and device files.

Acts as a consultant with regard to system software or technical questions from clients. Consults with service personnel regarding problems to ensure continuous operation of the system, remote communication lines, controllers (remote and local), terminals, and printers.

Monitors and analyzes system logs, journals, and statistics to determine security violations; monitors and modifies the operating system values in the main computer systems.

Assists when a production job terminates abnormally by debugging program service dumps and job logs; provides assistance for backup development and implementation and disaster recovery systems.

Evaluates, tests, and installs vendor supplied system program fixes related to security managed applications. Recognizes, interprets, and initiates resolution of any main computer system problems, halts, or shutdowns as reported by operations or other teams within IT.

Monitors performance and operation of various software operating packages and adjusts as needed or requested.

Develops system proposals, documentation, and procedures; analyzes main computer systems hardware and software proposals; and assists management with regard to recommendations.

Monitors network traffic and web application firewalls to detect and respond to security incidents and events while leveraging applications to identify abnormal traffic and suspicious activities.

Utilizes software to actively monitor end-user devices for malicious files and processes; conducts thorough reviews of hashes and processes against available threat intelligence; and determines suitable actions, such as marking files/processes as safe or implementing blocks as necessary. In cases of security incidents, promptly isolates affected hosts, investigates root causes, and implements remediation measures.

Utilizes software to review automated investigations created by Microsoft Intelligence as well as reported emails from clients marked as junk/phishing; evaluates them for potential threats; and determines if removal is necessary. Conducts comprehensive follow-ups to identify other users who may have received suspicious emails containing potential phishing links. Additionally, investigates instances where users have interacted with malicious links; assesses the extent of the threat, such as potential downloads of malicious files and compromises to endpoint or user credentials. Initiates incident response procedures as necessary. Utilizes queries to craft detection rules for advanced threat hunting and enhancing proactive security measures.

Manages console, including alarm management, incident creation based on severity levels, and collaboration with operations and clients. Performs backend SIEM management tasks, such as regular audits and updates to log source records. Implements new alarms using regex queries, OSINT, IOCs, and vulnerability data; tunes alarms and automation tools; and integrates additional contextualizing tools for logging events.

Conducts daily review of tickets received from computer operations, covering a range of issues including: network troubleshooting; end-user device problems related to internal or third-party applications; and potential viruses/malware detection. Coordinates with clients and relevant operations teams to identify the cause of incidents, implement resolutions, and ensure timely closure of tickets.

Stays updated on the latest cybersecurity trends by conducting ongoing research and analysis of open-source intelligence (OSINT) and threat intelligence relevant to the organization's environment; identifies vulnerabilities associated with applications or services used within the organization; and collaborates with the appropriate teams to ensure mitigation of these vulnerabilities through patching or user awareness initiatives.

Performs security reviews of pending projects initiated by clients requesting new software or hardware, encompassing thorough examination of vendor documentation and architecture assessments; provides comprehensive feedback regarding any security concerns pertaining to the product/hardware's level of security and feasibility within the organization's environment; and conducts risk assessments on each project to ensure alignment with security standards and protocols.

Conducts regular security awareness training sessions for the organization through seminars, orientation presentations, or incident-driven initiatives; develops detailed PowerPoint presentations with interactive Q&A sessions to address concerns; and provides guidance via email or phone calls to assist users in reducing cyber risk by educating them on email and file review best practices, safe website navigation, and other relevant cybersecurity measures.

Manages the Mobile Device Management (MDM) environment for the organization, including the development of policies, profiles, configurations, and assignments for mobile devices; tailors application assignments based on departmental needs, ensuring that each department has access to the necessary applications and resources; implements procedures to manage updates for Android and iOS devices; and ensures ongoing compliance with organizational standards and security requirements. Additionally, ensures that devices are being archived through the organization's text archiving platform to maintain data integrity and compliance.

Performs other duties as assigned.


KNOWLEDGE, SKILLS AND ABILITIES:

Knowledge of mini and mainframe computers and various computer programs, system analysis procedures and computer operations.

Knowledge of Windows, AS/400, Linux, and UNIX operating systems.

Knowledge of modern information systems and data processing concepts, techniques and operating principles.

Knowledge of the capabilities, limitations and uses of electronic computers and peripheral equipment and techniques of translating user requirements into structured applications and programs utilizing available resources.

Knowledge of security implementations and auditing in the mid-range computer environment.

Ability to operate personal computer for extended periods of time.

Ability to analyze and modify configuration of the main computer systems and modify system values to optimize machine utilization and performance.

Ability to troubleshoot and resolve system problems and malfunctions.

Ability to establish and maintain effective working relationships with employees and vendors.


ADDITIONAL REQUIREMENTS FOR PROMOTION:
Last performance evaluation must have resulted in an overall meets standards rating or better with no goal rating of less than meets standards.

Promotions are not to be considered as an automatic function of longevity. Requests for promotion are to be initiated by the program manager, considered in view of employee performance evaluations, and are subject to the review and authorization of the Manager.