IT QUALITY ASSURANCE SPECIALIST
Security Technical Specialist
Recruitment #19-004483-0001
Department | DPSCS Information Technology & Communications Div |
---|---|
Date Opened | 4/2/2019 11:59:00 PM |
Filing Deadline | 4/17/2019 11:59:00 PM |
Salary | $50,897.00 - $81,680.00/year |
Employment Type |
Full-Time
|
HR Analyst | Jacob Rolon |
Work Location |
Baltimore City
|
GRADE
LOCATION OF POSITION
Main Purpose of Job
POSITION DUTIES
Performs regular audits and unannounced inspections of systems and organizational units within the department to determine compliance with security procedures. Develops checklists based on standards and procedures. Collects information and artifacts to support audit findings. Reports findings to affected units and to upper management. Performs regular follow up to determine when corrective actions are applied and that they continue to work effectively. Assists external auditors with the planning and execution of audits and acts as a coordinator for the follow up on external audit findings.
Performs risk analysis and assessments by reviewing security logs and automated security reports at regular intervals. Examples of work include the review of the reports and logs of the Network Intrusion Detection System, Advanced Authentication systems and various additional specialized security systems. Detects and reports security failures and risks exposed in these logs and assists in the development of corrective actions.
Establishes the security requirement standards for new systems. Reviews security plans for new systems and determines whether they are adequate. Provides information on deficiencies and relates them to the appropriate standards to assist developers in becoming compliant.
Establishes standards for and monitors the use of state information technology assets including email, internet, network, computers and printers. Reviews reports of usage for abuse and reports incidents for investigation.
Provides recommendations for security compliance to technical and project leadership based upon research and evaluation of legislation (HIPAA, PII, NIST, FISMA, PCI, DHS, ISO), and industry best practices.
Analyzes the security posture of information systems based upon industry best practices, standards & guidelines, and regulatory requirements including, but not limited to, NIST, COBIT, SOC2, ISO.
Reviews and monitors the process for certifying access to criminal justice information. Maintains procedures in compliance with federal and state laws regarding authentication, authorization and accounting of user activity. Monitors compliance with procedures and reports deviations.
Receives and reviews security warnings and advisories and assesses the risk to the Department. Disseminates information to the appropriate and relevant staff.
Keeps informed of the latest developments and trends in information assurance by attending classes and seminars, reading trade journals and participating in self-instruction courses.
Performs other duties as assigned.
MINIMUM QUALIFICATIONS
Education: A Bachelor's degree from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology-related field with course work in systems analysis and programming, operating systems or information technology quality assurance.
Experience: Two years of experience designing, developing, implementing and maintaining applications systems and programs using generally accepted computer programming languages.
Notes:
1. Graduation from an accredited high school or possession of a high school equivalency certificate and thirty credit hours from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology-related field with course work in systems analysis and programming, operating systems or information technology quality assurance may be substituted for the required education.
2. Graduation from an accredited high school or possession of a high school equivalency certificate and one additional year of experience designing, developing, implementing and maintaining applications systems and programs using generally accepted computer programming language may be substituted for the required education.
3. Experience operating computer systems; or scheduling, controlling input and output to process data on computer systems; or evaluating, implementing and maintaining computer hardware and software; or converting data from project specifications by developing program code using generally accepted computer programming languages may be substituted for high school education on a year-for-year basis.
4. Candidates may substitute U.S. Armed Forces military service experience as a commissioned officer in Information Technology Management classifications or Information Technology Management specialty codes in the Information Technology field of work on a year-for-year basis for the required experience and education.
DESIRED OR PREFERRED QUALIFICATIONS
Experience performing regular information security audits and unannounced inspections of systems and organizational units.
Working knowledge of various compliance legislation and industry standards (e.g. HIPAA/PII/PCI/FISMA/NIST)
Knowledge and experience with information security technologies, methodologies, and practices, including, but not limited to, risk assessment and management, intrusion detection and prevention, vulnerability assessment and management, system administration (Windows, z/OS, Linux, Unix, etc.), security policy, industry standards, and best practices, security incident response, auditing and security administration of network security systems and operating systems, access control, encryption, firewalls, secure proxies, networking, database and application security, security event log analysis, virus prevention and remediation, and custom programming/scripting.
Experience performing risk analysis and assessments by reviewing security logs and automated security reports.
Must demonstrate strong critical thinking and analytical reason skills.
Ability to work on multiple priorities effective and prioritize conflicting demands.
Ability to maintain confidentiality
LICENSES, REGISTRATIONS AND CERTIFICATIONS
EXAMINATION PROCESS
The examination will consist of a rating of your education, training, and experience as presented on your application and as they relate to the requirements of the position. Therefore, it is important that you provide complete and accurate information on your application. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the employment (eligible) list for at least one year.
Please make sure that you provide complete and accurate information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after the above closing date.
BENEFITS
FURTHER INSTRUCTIONS
To submit your qualifying documents; the preferred method is to upload them using the "other" tab on the online application. However, if you’re unable to upload your documents, please fax requested information only to 410-585-0570 (providing a cover sheet with your contact information, recruitment name, recruitment number and the number of pages faxed). We will not consider information submitted after the closing date of this announcement.
Resumes will NOT be accepted in lieu of completing the online or paper application.
Online applications are STRONGLY recommended; if you do not have internet access, please mail your application by the closing date to:
HRSD-Recruitment & Examination
ATTN: J. Rolon
300 East Joppa Road, Suite 1107
Towson, MD 21286
For more information, please call 410-339-3695
As an equal opportunity employer Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State’s diversity.
TTY Users: call via Maryland Relay
We thank our Veterans for their service to our country, and encourage them to apply.