---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Type: Permanent F/T
Closing Date: 10/07/2004
This is a great opportunity with a unique organization!
RESPONSIBILITIES:
Under the general direction of the Chief Information Security Officer, the
Information Technology Specialist III (Information Security Engineer) is
responsible for:
1. Establishing and managing the technical aspects of the Legislative Data
Center (LDC) information security infrastructure.
2. Providing the highest technical expertise in the implementation of policies
and standards regarding information security, confidentiality and privacy, and
the integrity, auditability, and controllability of information in the LDC
information technology environment.
3. Recommending the appropriate information security solutions to LDC
management and the LDC customers.
The ITS III works independently, as a team member, or as a project leader on
the most complex security initiatives, where the consequences of unmitigated
security vulnerabilities could have a significant impact on the business
success of the LDC
JOB REQUIREMENTS
---------------------------------------------------
MINIMUM QUALIFICATIONS: A minimum of five (5) years of experience as an
information security analyst, information security administrator, or
information security engineer, one (1) year of which shall have been in a lead
capacity.
Demonstrated experience in network design and configuration including
firewalls, IP addressing, remote access, and wireless technology security.
Knowledge of the security products supported by various operating systems and
the interaction between the security products, the operating system and the
network.
Knowledge of internet, intranet, and extranet technologies to facilitate
development of recommended security architectures in conjunction with LDC
customers.
Knowledge of the information security marketplace and trends.
Knowledge of methods to investigate and resolve information security issues.
Ability to determine the impact of changes across multiple products and
services that affect security architectures and policies.
Knowledge of technical architectures and practices utilized to develop
comprehensive security architectures.
Experience using security diagnostic and penetration tools to facilitate
ongoing security monitoring and assessment.
Knowledge of intrusion detection systems, including configuration and
reporting.
Demonstrated experience in project planning and management techniques.
Experience leading Incident Response efforts in a multi-vendor environment.
Ability to establish and maintain good working relationships with customers,
vendors, other staff and managers that culminate in meeting the customers*
expectations of information technology products and services.
Ability to anticipate the ramifications of a given course of action prior to
taking such action.
Ability to recognize the need to seek the counsel of others appropriately prior
to arriving at any conclusions or deciding on a unilateral course of action.
Ability to recognize differing points of view on a particular subject and a
willingness to negotiate a compromise solution when appropriate.
Ability to work in and contribute to a team environment.
Ability to remain calm and composed in stressful situations, and maintain a
sense of optimism and a positive mental attitude when under pressure.
DESIRABLE QUALIFICATIONS:
Knowledge of the Legislative environment and the related business processes.
Knowledge of the metrics associated with analyzing the performance of
components of the Information Technology environment.
Understanding of various encryption methods and associated implementation.
Experience with PKI.
Knowledge of the LDC IT environment and how it relates to security in order to
facilitate customers, managers, and technical staff in the development or
revision of risk management policies.
Professional certification through the Information Security Certification
Program of the International Information Systems Security Certification
Consortium (ISC)2 Institute as CISSP (Certified Information Systems Security
Professional), SSCP (Systems Security Certified Practitioner) or through the
SANS Institute's Global Information Assurance Certification (GIAC) Program is
highly desirable.
CONTACT
---------------------------------------------------
The link below is to the CA State Personnel Board website, which contains the
actual application and procedures.
http://www.spb.ca.gov/employment/more_info.cfm?recno=210307
Lee Vigue
CISO
LDC
Sacramento, California, US
lee.vigue@lc.ca.gov
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers a way to search and manage
job opportunities and resumes which is closely tied
to this mailing list.
http://www.securityfocus.com/jobs
