CYBER SECURITY ENGINEER III

at Rose International
Location Henderson, NV
Date Posted January 14, 2022
Category Default
Job Type Full-time

Description

Position Title: CYBER SECURITY ENGINEER III

Position Number: 396051

Location: Henderson, NV 89015

Position Type: Temp to Hire

Required Skill Set:

CISSP, cyber security

Position Description:

**Only U.S. Citizens and those authorized to work in the U.S. can be considered as W2 candidates.**
Henderson, NV
Cyber Security Engineer III
Contract to Hire

PURPOSE
Under minimal supervision, architects, installs, configures, operates, implements, and maintains information security systems and operational processes. Manages cyber security incident response, vulnerability assessment, cyber security training, and Managed Security Services Programs; and performs related duties as assigned.

ESSENTIAL FUNCTIONS
• Acts as compliance subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs

Security Operations
• Oversees the daily operations of the Managed Security Services Program (MSSP) and vendor relationship, and Security Information and Event Management (SIEM) platforms
• Leads and/or participates in the definition, identification, evaluation, and selection of security technologies, techniques, and tools, manages relationships, and negotiates with vendors, outsourcers, and contractors to obtain security-related services and products
• Leads the Cyber Security Incident Response technical team and maintains awareness of security and privacy legislation, regulations, advisories, alerts, and vulnerabilities that apply to the City and its mission and makes recommendations for changes or enhancements
• Conducts annual audits and updates the Cyber Security Incident Response Plan Technical Handling Guides
• Acts as a security operations subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs and provides escalation support for non-routine security anomalies and incidents

Risk and Compliance
• Manages the Client''s technical compliance programs for Nevada Revised Statutes (NRS), Payment Card Industry (PCI-DSS), Criminal Justice Information Services (CJIS) Policy, and the Health Insurance Portability and Accountability Act (HIPAA) as well as the cyber security training program, including executive reporting
• Manages vulnerability assessments program to identify security architectural, policy, and procedural gaps as they relate to operational security and risk and makes recommendations to mitigate overall risk
• Responsible for the development and maintenance of security policies, procedures, and guidelines as they relate to compliance, operations, and security best practices
• Manages and coordinates the Client’s technical compliance programs; manages the responses to requests for legal holds, public records requests, and confidential investigations

MINIMUM QUALIFICATIONS
• Bachelor''s Degree from an accredited college or university in Computer Science, Information Technology, Information Security, or a related field
• Five (5) years of experience in Cyber Security with an emphasis in analysis and incident response which includes:
o Three (3) years of experience providing information security services in a highly regulated environment such as payment card industry, law enforcement or healthcare (PCI-DSS, CJIS, HIPAA); or
o Three (3) years of experience supervising, developing, and supporting information security programs
• Note: An equivalent combination of related training and experience may be considered
• Must possess a current (ISC) 2 Certified Information Systems Security Professional (CISSP) certification at time of hire
• Must possess or obtain within six (6) months of hire the Payment Card Industry (PCI) Internal Security Assessor (ISA) certification OR the GIAC - Certified Incident Handler (GCIH) certification
• Must possess or obtain within two (2) years of hire at least three (3) of the below certifications and maintain them as a condition of continued employment.
o (ISC)2 – HealthCare Information Security and Privacy Practitioner HCISPP
o (ISC)2 – Certified Cloud Security Professional CCSP
o ISACA – Certified in Risk and Information Systems Control CRISC
o ISACA - Certified Information Systems Auditor CISA
o ISACA – Certified Information Security Manager CISM
o GIAC - Certified Forensic Analyst GCFA
o GIAC - Certified Enterprise Defender GCED
o GIAC - Certified Forensic Examiner GCFE
o Splunk – Enterprise Certified Admin
• Must pass a nationwide fingerprint-based record check, and a wants/warrants check.
• Must complete Security Awareness and National Crime Information Center (NCIC)/Nevada Criminal Justice Information System (NCJIS) certification within six months of hire/transfer and be recertified every two years. Must maintain certifications in NCIC/NCJIS as a condition of continued employment
• Desirable: Master''s Degree in a related field
• Desirable: Familiarity with legal hold processes and requirements
• Desirable: Splunk operations and administration experience
• Desirable: Any of the following certifications:
o GIAC - Cloud Security Essentials GCLD
o GIAC - Cyber Threat Intelligence GCTI
o GIAC - Continuous Monitoring Certification GMON
o GIAC - Network Forensic Analyst GNFA
o GIAC - Reverse Engineering Malware GREM
o GIAC - Defending Advanced Threats GDAT
o GIAC - Certified Detection Analyst GCDA
o GIAC - Defensible Security Architecture GDSA
o GIAC - Certified Windows Security Administrator GCWN
o GIAC - Open-Source Intelligence GOSI
o ISACA - Certified Information Systems Auditor CISA
o Splunk – Enterprise Certified Admin

KNOWLEDGE, SKILLS, AND ABILITIES
• Thorough knowledge of federal, state, local, and other information security regulations and compliance requirements which include PCI and HIPAA; vendor management, security product selection, configuration, and monitoring processes; the principles and practices of project management; security strategies and technologies; scripting languages; routing, switching, and bridging in LAN & WAN environments; access methods and network topologies, Windows and Linux server administration; incident response procedures and standards; designing and implementing security controls to identify vulnerabilities and protect electronic infrastructures; building, maintaining, and upgrading security technologies
• Good knowledge of security standards, regulations, and best practices; incident response procedures and standards; network-based and system-level attacks and mitigation methods; financial impact analyses processes and procedures; and secure configuration of workstation operating systems and software; DNS, DHCP and NTP; financial impact analysis processes and procedures
• Ability to analyze and define problem sources and conceptualize practical solutions based on the computing environment; organize and prioritize a series of requests based on dynamic factors; plan and implement solutions with foresight and consideration of future computing environments; diagnose and resolve complex computer-related issues; analyze programs, policies, and operational needs, and identify and recommend alternatives and improvements; communicate effectively with individuals from various socioeconomic, ethnic, and culturally diverse backgrounds; and establish and maintain effective and positive working relationships with those contacted in the course of work.
Drop files here browse files ...