IT QUALITY ASSURANCE SPECIALIST

Security Technical Specialist

Recruitment #19-004483-0001

GRADE

18

LOCATION OF POSITION

6776 Reisterstown Road, Baltimore, MD 21215

Main Purpose of Job

This position performs the functions of the information security program that are responsible for maintaining the availability, confidentiality and integrity of the information assets of the Department of Public Safety and Correctional Services. This position performs risk assessments and recommends strategies to eliminate or mitigate risks. This position performs audits of systems and organizational units to determine compliance with standards and procedures. Develops and recommends standards and procedures where missing or inadequate. Reviews and updates standards and procedures when laws or overriding standards are changed. Monitors compliance with standards and procedures by reviewing reports generated by security monitoring systems. Assists the Chief Information Security Officer in assuring that information is accurate and available to authorized users and is adequately protected from unauthorized exposure or release.

POSITION DUTIES

Performs regular audits and unannounced inspections of systems and organizational units within the department to determine compliance with security procedures. Develops checklists based on standards and procedures. Collects information and artifacts to support audit findings. Reports findings to affected units and to upper management. Performs regular follow up to determine when corrective actions are applied and that they continue to work effectively. Assists external auditors with the planning and execution of audits and acts as a coordinator for the follow up on external audit findings.  

Performs risk analysis and assessments by reviewing security logs and automated security reports at regular intervals. Examples of work include the review of the reports and logs of the Network Intrusion Detection System, Advanced Authentication systems and various additional specialized security systems. Detects and reports security failures and risks exposed in these logs and assists in the development of corrective actions.  

Establishes the security requirement standards for new systems. Reviews security plans for new systems and determines whether they are adequate. Provides information on deficiencies and relates them to the appropriate standards to assist developers in becoming compliant.  

Establishes standards for and monitors the use of state information technology assets including email, internet, network, computers and printers. Reviews reports of usage for abuse and reports incidents for investigation.

Provides recommendations for security compliance to technical and project leadership based upon research and evaluation of legislation (HIPAA, PII, NIST, FISMA, PCI, DHS, ISO), and industry best practices. 

Analyzes the security posture of information systems based upon industry best practices, standards & guidelines, and regulatory requirements including, but not limited to, NIST, COBIT, SOC2, ISO.

Reviews and monitors the process for certifying access to criminal justice information. Maintains procedures in compliance with federal and state laws regarding authentication, authorization and accounting of user activity. Monitors compliance with procedures and reports deviations.                        

Receives and reviews security warnings and advisories and assesses the risk to the Department. Disseminates information to the appropriate and relevant staff.  

Keeps informed of the latest developments and trends in information assurance by attending classes and seminars, reading trade journals and participating in self-instruction courses.  

Performs other duties as assigned.

MINIMUM QUALIFICATIONS

Education: A Bachelor's degree from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology-related field with course work in systems analysis and programming, operating systems or information technology quality assurance.

Experience: Two years of experience designing, developing, implementing and maintaining applications systems and programs using generally accepted computer programming languages.

Notes:

1. Graduation from an accredited high school or possession of a high school equivalency certificate and thirty credit hours from an accredited college or university in Computer Information Technology, Computer Science, Management Information Systems or other information technology-related field with course work in systems analysis and programming, operating systems or information technology quality assurance may be substituted for the required education.

2. Graduation from an accredited high school or possession of a high school equivalency certificate and one additional year of experience designing, developing, implementing and maintaining applications systems and programs using generally accepted computer programming language may be substituted for the required education.

3. Experience operating computer systems; or scheduling, controlling input and output to process data on computer systems; or evaluating, implementing and maintaining computer hardware and software; or converting data from project specifications by developing program code using generally accepted computer programming languages may be substituted for high school education on a year-for-year basis.

4. Candidates may substitute U.S. Armed Forces military service experience as a commissioned officer in Information Technology Management classifications or Information Technology Management specialty codes in the Information Technology field of work on a year-for-year basis for the required experience and education.

DESIRED OR PREFERRED QUALIFICATIONS

Experience performing regular information security audits and unannounced inspections of systems and organizational units.

Working knowledge of various compliance legislation and industry standards (e.g. HIPAA/PII/PCI/FISMA/NIST).

Knowledge and experience with information security technologies, methodologies, and practices, including, but not limited to, risk assessment and management, intrusion detection and prevention, vulnerability assessment and management, system administration (Windows, z/OS, Linux, Unix, etc.), security policy, industry standards, and best practices, security incident response, auditing and security administration of network security systems and operating systems, access control, encryption, firewalls, secure proxies, networking, database and application security, security event log analysis, virus prevention and remediation, and custom programming/scripting.

Experience performing risk analysis and assessments by reviewing security logs and automated security reports.

Must demonstrate strong critical thinking and analytical reasoning skills.

Ability to work on multiple priorities effectively and prioritize conflicting demands.

Ability to maintain confidentiality.

LICENSES, REGISTRATIONS AND CERTIFICATIONS

Not applicable

EXAMINATION PROCESS

The examination will consist of a rating of your education, training, and experience as presented on your application and as they relate to the requirements of the position. Therefore, it is important that you provide complete and accurate information on your application. Successful candidates will be ranked as Best Qualified, Better Qualified, or Qualified and placed on the employment (eligible) list for at least one year.

Please make sure that you provide complete and accurate information on your application to show that you meet the qualifications for this recruitment. All information concerning your qualifications must be submitted by the closing date. We will not consider information submitted after the above closing date.

BENEFITS

FURTHER INSTRUCTIONS

To submit your qualifying documents, the preferred method is to upload them using the "other" tab on the online application. However, if you’re unable to upload your documents, please fax requested information only to 410-585-0570 (providing a cover sheet with your contact information, recruitment name, recruitment number and the number of pages faxed). We will not consider information submitted after the closing date of this announcement.

Resumes will NOT be accepted in lieu of completing the online or paper application.

Online applications are STRONGLY recommended; if you do not have internet access, please mail your application by the closing date to:

HRSD-Recruitment & Examination

ATTN: J. Rolon

300 East Joppa Road, Suite 1107

Towson, MD 21286

For more information, please call 410-339-3695

As an equal opportunity employer Maryland is committed to recruiting, retaining and promoting employees who are reflective of the State’s diversity.

TTY Users: call via Maryland Relay

We thank our Veterans for their service to our country, and encourage them to apply.
